Trojaner-Board


prinzhessin 03.10.2012 10:36

"The document has moved. Redirecting" + "Popup at bottom right" + "Not all links clickable"
 
Hello everyone,

For a few weeks now I have had the problem in my Firefox that every now and then I get the following message: "this document has moved. redirecting..." and then I end up on sites such as musicals.com.
The problem seems to come in phases - sometimes once a day and sometimes 15 times a day - and it happens with different pages that I open.
At first I thought it might be down to Firefox, but then I uninstalled it and worked with IE, and I have the same problem there.

My second problem is a popup window at the bottom right - usually in the form of an iPhone with, among other things, "Techniktrends und Tipps auf Topcoders.de".
I can click an "X" to close it, but it keeps sliding back into view from the bottom.

Also, for about 1-2 weeks I have no longer been able to click every link.
For example, when I am in a forum with ten subforums, I can access the first three, and the last seven simply cannot be clicked. It only works after closing and reopening the page - sometimes I have to do that two or three times in a row.

Since the weekend I have occasionally had the problem that I get a "404 not found" error message and the note that the page either cannot be displayed or does not exist at all.
Which in turn becomes "moot" when I click on the page again a little later.

Other info:
*I ran defogger as described in the instructions, but there was neither an error message nor a prompt to restart - is that bad?
*I ran OTL as described
*I have a 64-bit system


Malware Log

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Nadja :: NADJALAPTOP [Administrator]

03.10.2012 11:26:08
mbam-log-2012-10-03 (11-26-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218369
Laufzeit: 3 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)




OTL Log


OTL logfile created on: 03.10.2012 10:29:53 - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\*****\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 63,77% Memory free
7,60 Gb Paging File | 5,81 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 190,35 Gb Free Space | 63,88% Space Free | Partition Type: NTFS
Drive D: | 324,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ***LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012.09.17 05:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.09.08 10:29:12 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.25 11:32:07 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012.08.23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.07.16 06:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.07.16 06:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.01.27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.07.04 04:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
PRC - [2011.07.04 04:02:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.06.17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe


========== Modules (No Company Name) ==========

MOD - [2012.09.08 10:29:11 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.08.25 11:32:07 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012.07.16 21:07:33 | 000,115,137 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.07.10 03:53:28 | 014,278,144 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012.07.10 03:52:52 | 000,538,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.UI.dll
MOD - [2012.06.26 10:40:56 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012.06.26 10:40:06 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2012.06.26 09:04:16 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\ASF_cSharpAPI.dll
MOD - [2012.06.26 09:03:18 | 000,651,216 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2012.06.26 09:03:18 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2012.06.26 09:03:16 | 000,544,208 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2012.06.26 09:03:16 | 000,003,584 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2012.06.17 13:41:44 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.17 13:41:23 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.17 13:24:55 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.17 13:24:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.17 13:24:21 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.11 23:33:54 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.11 23:33:41 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.11 23:21:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 23:21:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 23:20:32 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.11 23:20:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 23:20:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 23:20:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 23:19:48 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 23:41:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011.02.01 15:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.20 19:34:28 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.30 05:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.08.23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.06.04 11:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.07.04 04:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2011.07.04 04:02:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 11:22:17 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.09.28 17:56:29 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.09.28 17:56:29 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.09.28 17:56:28 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.27 09:27:25 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.06.04 09:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.06.04 09:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.12.27 03:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.11.01 21:40:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2011.07.15 16:44:50 | 001,453,616 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.07.04 04:02:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.02.23 10:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011.02.01 15:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010.11.28 22:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 06:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 06:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.02.26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 F1 75 3A CD 98 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.2
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.09.06 11:17:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 10:29:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.11.01 22:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.19 19:05:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vx4h4iou.default\extensions
[2011.11.26 21:45:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vx4h4iou.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.19 19:05:47 | 000,616,675 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\extensions\toolbar@web.de.xpi
[2012.07.25 11:39:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.19 19:05:52 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\11-suche.xml
[2012.09.19 19:05:53 | 000,002,209 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\englische-ergebnisse.xml
[2012.09.19 19:05:52 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\gmx-suche.xml
[2012.09.19 19:05:52 | 000,002,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\lastminute.xml
[2012.09.19 19:05:52 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\webde-suche.xml
[2012.07.27 09:27:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.28 17:56:28 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.09.08 10:29:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.29 18:29:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 18:29:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.29 18:29:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.29 18:29:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 14:48:55 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.08.29 18:29:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.29 18:29:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.02.29 23:00:20 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23A534B0-C58D-4ECF-96CF-F37F583A8661}: DhcpNameServer = 192.168.100.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC0AC45-9BC2-4FBA-A571-FEF77AFE0C1C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.07 02:00:00 | 000,000,124 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{aaed04f5-04b1-11e1-a209-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aaed04f5-04b1-11e1-a209-806e6f6e6963}\Shell\AutoRun\command - "" = D:\_SETIMG\EPSSWT.EXE -- [2004.01.08 03:03:00 | 000,110,592 | R--- | M] (SEIKO EPSON CORPORATION)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.03 10:27:53 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.28 18:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.28 18:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.28 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.28 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.09.28 18:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.09.28 18:11:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.08 11:31:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\G DATA
[2012.09.08 10:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012.09.05 16:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012.09.05 16:05:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee

========== Files - Modified Within 30 Days ==========

[2012.10.03 10:34:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.03 10:27:55 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.03 10:25:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.03 10:12:58 | 000,019,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 10:12:58 | 000,019,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 10:10:36 | 000,813,445 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.10.03 10:10:36 | 000,044,573 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.10.03 10:05:45 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.10.03 10:05:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.03 10:05:24 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.29 11:22:17 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.28 18:14:43 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.28 17:56:29 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.28 17:56:29 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.28 17:56:28 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.09.06 10:58:37 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.06 10:58:37 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.06 10:58:37 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.06 10:58:37 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.06 10:58:37 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012.10.03 10:25:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.09.28 18:14:43 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.29 11:09:04 | 000,813,445 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.07.25 11:53:50 | 005,159,224 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache
[2012.07.25 11:50:18 | 000,077,918 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache
[2012.07.25 09:05:38 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.02.07 20:10:55 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.02.07 20:10:55 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.02.07 20:10:55 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.02.07 20:10:55 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.02.07 20:10:55 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.02.07 20:10:55 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.02.07 20:10:55 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.02.07 20:10:55 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.02.07 20:10:55 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.02.07 20:10:55 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.02.07 20:10:55 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.02.07 20:10:55 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.02.07 20:10:55 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.02.07 20:10:55 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.02.07 20:10:55 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.02.07 20:10:55 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.02.07 20:10:55 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.02.07 20:10:55 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.02.07 20:10:55 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.02.07 19:50:18 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.12.03 20:52:10 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.11.01 22:12:01 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.11.01 22:00:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.01 20:59:08 | 000,065,960 | ---- | C] () -- C:\Users\***\Rechnung_54797.pdf
[2011.11.01 20:40:18 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.01 20:34:12 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.11.01 20:34:11 | 000,105,408 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.11.01 20:34:09 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.07.19 23:38:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2011.11.14 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2012.07.19 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2012.07.08 14:52:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.26 21:45:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.12 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.06.23 17:22:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iwoli
[2012.07.08 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012.05.10 20:31:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.11.01 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2012.03.04 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.03.04 19:25:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2012.07.19 21:37:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\toolplugin
[2012.06.23 22:04:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TravelTainment
[2012.07.08 14:53:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.06.20 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uraq
[2012.07.03 21:48:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2012.06.23 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Woone

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 03.10.2012 10:29:53 - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Nadja\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 63,77% Memory free
7,60 Gb Paging File | 5,81 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 190,35 Gb Free Space | 63,88% Space Free | Partition Type: NTFS
Drive D: | 324,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name:***LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Unable to open value key File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Unable to open value key File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A403D9-AF6A-4FAE-963E-21CC9CE5D173}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0DA408B6-D852-44FF-8F2C-7913B9208F8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{138C75A3-1CC6-48F4-BB27-F343BD224CD4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1DF3F26D-F8BC-4EC3-B334-1BDB8476812E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{32379AD7-A2CF-4AF9-A8FB-06659973BDFF}" = lport=138 | protocol=17 | dir=in | app=system |
"{41789C2E-C326-42C5-B8BC-9D6A6F2A819F}" = rport=445 | protocol=6 | dir=out | app=system |
"{49F001E7-6BF9-4628-BCE2-2D7BC731BD42}" = lport=137 | protocol=17 | dir=in | app=system |
"{55CBDB0B-26FD-43ED-A5E8-FC014FE5B39E}" = rport=139 | protocol=6 | dir=out | app=system |
"{6131F90F-5CFD-4C2A-B290-0F590423BA5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6ABEFE2E-0CC9-4E93-AB43-B9014A9B31C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71608B42-0DE2-42DE-B4D8-7FF28ED5045D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7203B740-6BD1-4AC4-B0FC-6669FB704906}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73F85DDE-4FD7-4CE7-931D-D76E847AAA58}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{93BC11BB-9342-49EB-97B2-07EA2F446166}" = rport=137 | protocol=17 | dir=out | app=system |
"{98094530-6D02-48FA-A97F-75C8FC2885A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E0A24A3-52E3-436D-A330-0C4205EC5C09}" = rport=138 | protocol=17 | dir=out | app=system |
"{9E2F3DDB-6DC9-4207-B0C6-41840DBB7304}" = lport=445 | protocol=6 | dir=in | app=system |
"{AFCE9267-7217-4481-B44A-E009EE45ECBB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C86FAE3B-70A2-43F9-B4B7-B027498A96D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0FEB650-ABBB-4CEE-A9E8-FCE4E72C7333}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E155CFD0-2693-4499-8958-5D7020609B01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E50BABE9-AA76-410A-9A7A-582FEBF724D6}" = lport=139 | protocol=6 | dir=in | app=system |
"{F337EE2D-5BBC-4202-907D-5DB10CEFB445}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C04880-C911-4681-95AC-37BD5E315508}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{060C3AA2-B441-4BFF-B905-831D11344FE7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0C2A916B-619B-4C5E-92E9-AF3E466DFEA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0E9E3B57-6CDD-49B8-AC6B-A93B4F3A9859}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{1065B70E-C65F-4514-8858-C89D83D480B6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1644BEA5-90B5-4CA3-A9C4-249C10C1C439}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17A2A94E-2A22-4D8D-921E-F0F2A5BED1E2}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{18606DA2-76DC-474A-B134-E7D1ABF72669}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28C6DD72-C17B-431D-A672-AE5F8326C4B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{39667991-AB14-4925-B3D8-180C6FC42793}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{39D21964-120F-4871-997E-8764A1B56AB0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B894D54-D49C-450E-82A0-463FB7163CAA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{557EA69A-C1FE-48B4-BD20-062556236F12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{61259044-4953-4AFF-9B1A-E0A6BC72E36E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{71878232-2485-475D-B7E0-9574EA4F7172}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{759C6EC3-A6D7-4284-B6FE-A9A3FD958F54}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97285E4F-053A-4D67-ABB8-F3E72932489B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{97DF6EC4-C7AB-4A93-84FA-BB8E018599BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9859E9F8-1317-42A0-B99B-FB175636A6B2}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{A63A0B82-0B50-4410-94CF-DFA0FBB3F570}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7052BB9-ED0A-4116-9E73-649652403169}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABC2BEA6-7235-43AC-8186-60C4C5DBB0CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AF3C8AAF-7833-4567-BAA1-642BF164F5C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B239727F-9B27-4DAB-84B6-8117D27B076B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BDF88069-EFD2-4CBA-9F16-FA9FCCB70D29}" = protocol=6 | dir=out | app=system |
"{C49290D2-2C68-4E92-80A4-620455510998}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D97FC52B-64DC-4A1C-AB64-068D1EEA6C92}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E18289D3-E77B-458B-ABE3-0284E0502D7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F743CF17-F4A6-4490-9702-E35FF6DE1D1D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FB15859A-BF20-432B-A285-9E87A182B15B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FD74E7CA-FFFC-47B8-B16C-16E96C02C21A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Power Management Driver" = ThinkPad Power Management Driver
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = ThinkPad UltraNav Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2F64351F-ECD6-4F4B-9D60-34C5F80FD77B}" = BistroPortal
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Benutzerhandbuch ESDX5000_CX4900" = Benutzerhandbuch ESDX5000_CX4900
"EPSON Scanner" = EPSON Scan
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.10.2012 08:22:22 | Computer Name =***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3198

Error - 01.10.2012 08:22:22 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3198

Error - 01.10.2012 08:22:23 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01.10.2012 08:22:23 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4274

Error - 01.10.2012 08:22:23 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4274

Error - 01.10.2012 08:22:24 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01.10.2012 08:22:24 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5429

Error - 01.10.2012 08:22:24 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5429

Error - 01.10.2012 13:32:03 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01.10.2012 13:32:03 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1217

Error - 01.10.2012 13:32:03 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1217

[ System Events ]
Error - 25.03.2012 05:04:41 | Computer Name = ***Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 07.04.2012 12:27:19 | Computer Name = ***Laptop | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 15.04.2012 04:58:41 | Computer Name = ***Laptop | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 15.04.2012 10:14:42 | Computer Name = ***Laptop | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 16.04.2012 14:23:31 | Computer Name = ***Laptop | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 16.04.2012 16:20:58 | Computer Name = ***Laptop | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 16.04.2012 16:21:07 | Computer Name = ***Laptop | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 20.04.2012 13:39:34 | Computer Name = ***Laptop | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 29.04.2012 16:36:10 | Computer Name = ***Laptop | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 10.05.2012 13:37:50 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.


< End of report >


It may also be useful to know that the logs(?) above are all Greek to me, and that I would be very, very grateful for detailed descriptions of how I should proceed.

Many thanks in advance for the support :-)

prinzhessin

cosinus 04.10.2012 10:52

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all findings with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from the quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

prinzhessin 05.10.2012 16:05

Hello cosinus,

attached are the logs.

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8d4ecaff2f3e0948bf40f5f224fe1677
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-05 02:56:15
# local_time=2012-10-05 04:56:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 6070486 6070486 0 0
# compatibility_mode=5893 16776573 100 94 7817 101074358 0 0
# compatibility_mode=8192 67108863 100 0 114 114 0 0
# scanned=223619
# found=2
# cleaned=2
# scan_time=4467
C:\Users\Nadja\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\user.js        JS/SecurityDisabler.A.Gen application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Nadja\Desktop\NADJA_NEU\Dokumente und Einstellungen\Nadja\Desktop\Setup-MsgPlus-500.exe        a variant of Win32/MessengerPlus.A application (deleted - quarantined)        00000000000000000000000000000000        C

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Nadja :: NADJALAPTOP [Administrator]

05.10.2012 13:46:21
mbam-log-2012-10-05 (13-46-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441269
Laufzeit: 1 Stunde(n), 43 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Many thanks.

prinzhessin

cosinus 05.10.2012 18:08

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before in the past?
If so, all the logs for each scan are also listed on the Logs tab. Please post all that are visible there.

prinzhessin 07.10.2012 20:00

A few are still in there, but I don't know whether I updated it beforehand every time... :-S
The list also contains "protection log files", about 80 of them... Should I post all of those too? For now I have posted one of the many as the last item.

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.01.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***LAPTOP [Administrator]

Schutz: Aktiviert

01.04.2012 20:18:31
mbam-log-2012-04-01 (20-18-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402041
Laufzeit: 57 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.06.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***LAPTOP [Administrator]

Schutz: Aktiviert

06.04.2012 09:15:48
mbam-log-2012-04-06 (09-15-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 407615
Laufzeit: 56 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***LAPTOP [Administrator]

Schutz: Aktiviert

06.04.2012 20:35:19
mbam-log-2012-04-06 (20-35-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 408511
Laufzeit: 1 Stunde(n), 35 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***LAPTOP [Administrator]

Schutz: Aktiviert

08.05.2012 20:07:05
mbam-log-2012-05-08 (20-07-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385867
Laufzeit: 1 Stunde(n), 49 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***LAPTOP [Administrator]

25.07.2012 12:02:24
mbam-log-2012-07-25 (12-02-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 380786
Laufzeit: 46 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Nadja :: ***LAPTOP [Administrator]

03.10.2012 11:26:08
mbam-log-2012-10-03 (11-26-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218369
Laufzeit: 3 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***LAPTOP [Administrator]

05.10.2012 13:46:21
mbam-log-2012-10-05 (13-46-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441269
Laufzeit: 1 Stunde(n), 43 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Code:

2012/07/19 12:59:56 +0200        ***LAPTOP                ***MESSAGE        Starting protection
2012/07/19 12:59:59 +0200        ***LAPTOP        ***        MESSAGE        Protection started successfully
2012/07/19 13:00:02 +0200        ***LAPTOP        ***        MESSAGE        Starting IP protection
2012/07/19 13:00:04 +0200        ***LAPTOP***        MESSAGE        IP Protection started successfully
2012/07/19 13:17:12 +0200        ***LAPTOP        ***        IP-BLOCK        67.29.139.153 (Type: outgoing, Port: 49508, Process: firefox.exe)
2012/07/19 14:12:11 +0200        ***LAPTOP        ***        IP-BLOCK        208.73.210.29 (Type: outgoing, Port: 50290, Process: firefox.exe)
2012/07/19 16:28:47 +0200        ***LAPTOP        ***        MESSAGE        Starting protection
2012/07/19 16:28:49 +0200        ***LAPTOP        ***MESSAGE        Protection started successfully
2012/07/19 16:28:52 +0200        ***LAPTOP        ***        MESSAGE        Starting IP protection
2012/07/19 16:28:54 +0200        ***LAPTOP        ***        MESSAGE        IP Protection started successfully
2012/07/19 17:02:01 +0200        ***LAPTOP        ***        MESSAGE        Starting protection
2012/07/19 17:02:04 +0200        ***LAPTOP        ***        MESSAGE        Protection started successfully
2012/07/19 17:02:07 +0200        ***LAPTOP        ***        MESSAGE        Starting IP protection
2012/07/19 17:02:08 +0200        ***LAPTOP        ***        MESSAGE        IP Protection started successfully
2012/07/19 17:11:06 +0200        ***LAPTOP        ***        MESSAGE        Starting protection
2012/07/19 17:11:08 +0200        ***LAPTOP        ***        MESSAGE        Protection started successfully
2012/07/19 17:11:11 +0200        ***LAPTOP        ***        MESSAGE        Starting IP protection
2012/07/19 17:11:14 +0200        ***LAPTOP        ***MESSAGE        IP Protection started successfully


cosinus 07.10.2012 20:35

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post the contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

prinzhessin 07.10.2012 20:43

Code:


# AdwCleaner v2.004 - Datei am 07/10/2012 um 21:41:49 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - ***LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\***\AppData\Roaming\Toolplugin

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-2490519294-738603499-2537959381-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-2490519294-738603499-2537959381-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-2490519294-738603499-2537959381-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "Search the web");
Gefunden : user_pref("browser.search.order.1", "Search the web");

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i7qpaa1s.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3350 octets] - [07/10/2012 21:40:54]
AdwCleaner[R2].txt - [3289 octets] - [07/10/2012 21:41:49]

########## EOF - C:\AdwCleaner[R2].txt - [3349 octets] ##########


cosinus 07.10.2012 20:51

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post the contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

prinzhessin 07.10.2012 21:04

Code:

# AdwCleaner v2.004 - Datei am 07/10/2012 um 21:58:53 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - ***LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Toolplugin

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKU\S-1-5-21-2490519294-738603499-2537959381-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "Search the web");
Gelöscht : user_pref("browser.search.order.1", "Search the web");

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\i7qpaa1s.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3350 octets] - [07/10/2012 21:40:54]
AdwCleaner[R2].txt - [3410 octets] - [07/10/2012 21:41:49]
AdwCleaner[S1].txt - [3029 octets] - [07/10/2012 21:58:53]

########## EOF - C:\AdwCleaner[S1].txt - [3089 octets] ##########


cosinus 07.10.2012 21:12

I have two questions before we continue (we are not done yet!)

1.) Does the normal mode of Windows work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

prinzhessin 07.10.2012 21:38

With 1), do you mean whether my problems still occur?
Well, I only have problems with my PC when surfing - I don't use it for much more than that anyway.
Just now I had to refresh the page several times to be able to click the "Reply" button at all.

Regarding 2)
Everything is there in the Start menu; nothing seems unusual to me.

Unfortunately I can no longer remember what I did before the "document has moved..." message kept coming up, i.e. what might have triggered it. That would perhaps make the whole thing easier.

cosinus 07.10.2012 21:43

Please make a new OTL log. Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


prinzhessin 07.10.2012 22:53

OTL Logfile:
Code:

OTL logfile created on: 07.10.2012 22:50:31 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 67,67% Memory free
7,60 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 190,51 Gb Free Space | 63,93% Space Free | Partition Type: NTFS
Drive D: | 324,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.07 22:48:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.09.17 12:02:43 | 001,547,288 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
PRC - [2012.09.17 05:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.07.16 06:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.07.16 06:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.01.27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.07.04 04:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
PRC - [2011.07.04 04:02:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.16 21:07:33 | 000,115,137 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.07.10 03:53:28 | 014,278,144 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012.07.10 03:52:52 | 000,538,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.UI.dll
MOD - [2012.06.26 10:40:56 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012.06.26 10:40:06 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2012.06.26 09:04:16 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\ASF_cSharpAPI.dll
MOD - [2012.06.26 09:03:18 | 000,651,216 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2012.06.26 09:03:18 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2012.06.26 09:03:16 | 000,544,208 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2012.06.26 09:03:16 | 000,003,584 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2012.06.17 13:41:44 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.17 13:41:23 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.17 13:24:55 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.17 13:24:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.17 13:24:21 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.11 23:33:54 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.11 23:33:41 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.11 23:21:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 23:21:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 23:20:32 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.11 23:20:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 23:20:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 23:20:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 23:19:48 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 23:41:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.02.01 15:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.20 19:34:28 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.30 05:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.08.23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.14 19:40:08 | 000,828,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Users\***\AppData\Local\Temp\028495~1.EXE -- (0284951349640270mcinstcleanup)
SRV - [2012.06.04 11:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.07.04 04:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2011.07.04 04:02:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 11:22:17 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.09.28 17:56:29 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.09.28 17:56:29 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.09.28 17:56:28 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.27 09:27:25 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.06.04 09:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.06.04 09:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.12.27 03:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.11.01 21:40:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2011.07.15 16:44:50 | 001,453,616 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.07.04 04:02:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.02.23 10:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011.02.01 15:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010.11.28 22:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 06:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 06:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.02.26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 F1 75 3A CD 98 CC 01  [binary data]
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 10:29:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.01 22:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.04 19:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vx4h4iou.default\extensions
[2011.11.26 21:45:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vx4h4iou.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.04 19:05:32 | 000,565,448 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\extensions\toolbar@web.de.xpi
[2012.07.25 11:39:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.04 19:05:35 | 000,000,911 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\11-suche.xml
[2012.10.04 19:05:35 | 000,002,273 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\englische-ergebnisse.xml
[2012.10.04 19:05:35 | 000,010,563 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\gmx-suche.xml
[2012.10.04 19:05:35 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\lastminute.xml
[2012.10.04 19:05:35 | 000,005,545 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\webde-suche.xml
[2012.07.27 09:27:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.28 17:56:28 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.09.08 10:29:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.29 18:29:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 18:29:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.29 18:29:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.29 18:29:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 14:48:55 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.08.29 18:29:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.29 18:29:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.02.29 23:00:20 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2490519294-738603499-2537959381-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2490519294-738603499-2537959381-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23A534B0-C58D-4ECF-96CF-F37F583A8661}: DhcpNameServer = 192.168.100.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC0AC45-9BC2-4FBA-A571-FEF77AFE0C1C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.07 02:00:00 | 000,000,124 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{aaed04f5-04b1-11e1-a209-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aaed04f5-04b1-11e1-a209-806e6f6e6963}\Shell\AutoRun\command - "" = D:\_SETIMG\EPSSWT.EXE -- [2004.01.08 03:03:00 | 000,110,592 | R--- | M] (SEIKO EPSON CORPORATION)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.MP42 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.05 15:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.05 14:03:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.10.03 11:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.03 11:22:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.03 11:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.03 10:27:53 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.28 18:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.28 18:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.28 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.28 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.09.28 18:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.09.28 18:11:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.08 11:31:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\G DATA
[2012.09.08 10:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 22:34:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 22:07:30 | 000,019,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 22:07:30 | 000,019,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 22:04:18 | 000,000,000 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2012.10.07 22:00:20 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.10.07 22:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 22:00:09 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.07 17:57:16 | 000,817,683 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.10.07 17:57:16 | 000,044,703 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.10.05 14:03:43 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.10.03 11:23:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.03 10:27:55 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.03 10:25:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.09.29 11:22:17 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.28 18:14:43 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.28 17:56:29 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.28 17:56:29 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.28 17:56:28 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.07 22:04:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2012.10.03 11:22:45 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.03 10:25:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.09.28 18:14:43 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.29 11:09:04 | 000,817,683 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.07.25 11:53:50 | 005,159,224 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache
[2012.07.25 11:50:18 | 000,077,918 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache
[2012.07.25 09:05:38 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.02.07 20:10:55 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.02.07 20:10:55 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.02.07 20:10:55 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.02.07 20:10:55 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.02.07 20:10:55 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.02.07 20:10:55 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.02.07 20:10:55 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.02.07 20:10:55 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.02.07 20:10:55 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.02.07 20:10:55 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.02.07 20:10:55 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.02.07 20:10:55 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.02.07 20:10:55 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.02.07 20:10:55 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.02.07 20:10:55 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.02.07 20:10:55 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.02.07 20:10:55 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.02.07 20:10:55 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.02.07 20:10:55 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.02.07 19:50:18 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.12.03 20:52:10 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.11.01 22:12:01 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.11.01 22:00:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.01 20:59:08 | 000,065,960 | ---- | C] () -- C:\Users\***\Rechnung_54797.pdf
[2011.11.01 20:40:18 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.01 20:34:12 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.11.01 20:34:11 | 000,105,408 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.11.01 20:34:09 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.11 21:24:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2012.07.19 23:38:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2011.11.14 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2012.07.19 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2012.07.08 14:52:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.26 21:45:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.12 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.06.23 17:22:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iwoli
[2012.05.10 20:31:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.11.01 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2012.03.04 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.03.04 19:25:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2012.06.23 22:04:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TravelTainment
[2012.07.08 14:53:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.06.20 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uraq
[2012.07.03 21:48:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2012.06.23 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Woone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.19 23:38:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2011.11.06 21:19:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.04.15 19:18:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.11.14 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2012.07.19 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2012.07.08 14:52:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.26 21:45:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.12 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2011.11.01 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.11.01 21:35:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel
[2012.06.23 17:22:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iwoli
[2011.11.02 20:54:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.04.01 10:55:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 09:45:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.09.08 11:26:24 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.11.01 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.05.10 20:31:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.11.01 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2012.03.04 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.03.04 19:25:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2012.06.23 22:04:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TravelTainment
[2012.07.08 14:53:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.06.20 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uraq
[2012.07.03 21:48:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2012.06.23 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Woone
 
< %APPDATA%\*.exe /s >
[2011.12.03 20:52:06 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2012.05.10 20:21:25 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2012.03.16 23:14:24 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.16 23:14:24 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.16 23:14:24 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.07.10 03:58:52 | 000,975,800 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2012.07.10 03:58:56 | 000,278,968 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2012.07.10 03:58:54 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2012.06.26 09:03:38 | 000,716,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2012.07.10 03:58:58 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2012.07.10 03:59:00 | 000,183,736 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.07.10 03:59:02 | 000,021,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.07.10 03:59:04 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2012.07.16 06:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2012.07.16 06:23:58 | 000,278,968 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2012.07.16 06:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2012.07.16 06:19:36 | 000,717,312 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2012.07.16 06:24:02 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2012.07.16 06:24:04 | 000,183,736 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2012.07.16 06:24:06 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2012.02.03 18:50:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.07.16 06:24:08 | 000,451,000 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 06:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 06:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 06:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 06:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 06:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 05:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 05:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 06:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 06:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 06:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.02 19:06:57 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >

--- --- ---

prinzhessin 07.10.2012 22:54

OTL Logfile:
Code:

OTL logfile created on: 07.10.2012 22:50:31 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 67,67% Memory free
7,60 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 190,51 Gb Free Space | 63,93% Space Free | Partition Type: NTFS
Drive D: | 324,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.07 22:48:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.09.17 12:02:43 | 001,547,288 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
PRC - [2012.09.17 05:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.07.16 06:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.07.16 06:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.01.27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.07.04 04:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
PRC - [2011.07.04 04:02:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.16 21:07:33 | 000,115,137 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.07.10 03:53:28 | 014,278,144 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012.07.10 03:52:52 | 000,538,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.UI.dll
MOD - [2012.06.26 10:40:56 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012.06.26 10:40:06 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2012.06.26 09:04:16 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\ASF_cSharpAPI.dll
MOD - [2012.06.26 09:03:18 | 000,651,216 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2012.06.26 09:03:18 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2012.06.26 09:03:16 | 000,544,208 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2012.06.26 09:03:16 | 000,003,584 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2012.06.17 13:41:44 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.17 13:41:23 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.17 13:24:55 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.17 13:24:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.17 13:24:21 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.11 23:33:54 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.11 23:33:41 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.11 23:21:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 23:21:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 23:20:32 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.11 23:20:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 23:20:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 23:20:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 23:19:48 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 23:41:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.02.01 15:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.20 19:34:28 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.30 05:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.08.23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.14 19:40:08 | 000,828,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Users\***\AppData\Local\Temp\028495~1.EXE -- (0284951349640270mcinstcleanup)
SRV - [2012.06.04 11:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.05.11 17:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.07.04 04:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2011.07.04 04:02:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 11:22:17 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.09.28 17:56:29 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.09.28 17:56:29 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.09.28 17:56:28 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.27 09:27:25 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.06.04 09:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.06.04 09:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.12.27 03:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.11.01 21:40:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2011.07.15 16:44:50 | 001,453,616 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.07.04 04:02:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.02.23 10:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011.02.01 15:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010.11.28 22:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 06:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 06:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.02.26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 F1 75 3A CD 98 CC 01  [binary data]
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 10:29:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.01 22:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.04 19:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vx4h4iou.default\extensions
[2011.11.26 21:45:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vx4h4iou.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.04 19:05:32 | 000,565,448 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\extensions\toolbar@web.de.xpi
[2012.07.25 11:39:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.04 19:05:35 | 000,000,911 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\11-suche.xml
[2012.10.04 19:05:35 | 000,002,273 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\englische-ergebnisse.xml
[2012.10.04 19:05:35 | 000,010,563 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\gmx-suche.xml
[2012.10.04 19:05:35 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\lastminute.xml
[2012.10.04 19:05:35 | 000,005,545 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vx4h4iou.default\searchplugins\webde-suche.xml
[2012.07.27 09:27:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.28 17:56:28 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.09.08 10:29:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.29 18:29:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 18:29:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.29 18:29:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.29 18:29:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 14:48:55 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.08.29 18:29:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.29 18:29:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.02.29 23:00:20 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2490519294-738603499-2537959381-1000\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2490519294-738603499-2537959381-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2490519294-738603499-2537959381-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23A534B0-C58D-4ECF-96CF-F37F583A8661}: DhcpNameServer = 192.168.100.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC0AC45-9BC2-4FBA-A571-FEF77AFE0C1C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.07 02:00:00 | 000,000,124 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{aaed04f5-04b1-11e1-a209-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aaed04f5-04b1-11e1-a209-806e6f6e6963}\Shell\AutoRun\command - "" = D:\_SETIMG\EPSSWT.EXE -- [2004.01.08 03:03:00 | 000,110,592 | R--- | M] (SEIKO EPSON CORPORATION)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.MP42 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.05 15:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.05 14:03:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.10.03 11:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.03 11:22:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.03 11:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.03 10:27:53 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.28 18:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.28 18:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.28 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.28 18:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.09.28 18:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.09.28 18:11:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.08 11:31:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\G DATA
[2012.09.08 10:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 22:34:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 22:07:30 | 000,019,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 22:07:30 | 000,019,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 22:04:18 | 000,000,000 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2012.10.07 22:00:20 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.10.07 22:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 22:00:09 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.07 17:57:16 | 000,817,683 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.10.07 17:57:16 | 000,044,703 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.10.05 14:03:43 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.10.03 11:23:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.03 10:27:55 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.03 10:25:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.09.29 11:22:17 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.09.28 18:14:43 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.28 17:56:29 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.09.28 17:56:29 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.09.28 17:56:28 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.07 22:04:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2012.10.03 11:22:45 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.03 10:25:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.09.28 18:14:43 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.29 11:09:04 | 000,817,683 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.07.25 11:53:50 | 005,159,224 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache
[2012.07.25 11:50:18 | 000,077,918 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache
[2012.07.25 09:05:38 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.02.07 20:10:55 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.02.07 20:10:55 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.02.07 20:10:55 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.02.07 20:10:55 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.02.07 20:10:55 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.02.07 20:10:55 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.02.07 20:10:55 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.02.07 20:10:55 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.02.07 20:10:55 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.02.07 20:10:55 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.02.07 20:10:55 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.02.07 20:10:55 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.02.07 20:10:55 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.02.07 20:10:55 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.02.07 20:10:55 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.02.07 20:10:55 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.02.07 20:10:55 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.02.07 20:10:55 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.02.07 20:10:55 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.02.07 19:50:18 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX5000EFDG.ini
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.12.03 20:52:10 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.11.01 22:12:01 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.11.01 22:00:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.01 20:59:08 | 000,065,960 | ---- | C] () -- C:\Users\***\Rechnung_54797.pdf
[2011.11.01 20:40:18 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.01 20:34:12 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.11.01 20:34:11 | 000,105,408 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.11.01 20:34:09 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.11 21:24:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2012.07.19 23:38:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2011.11.14 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2012.07.19 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2012.07.08 14:52:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.26 21:45:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.12 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.06.23 17:22:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iwoli
[2012.05.10 20:31:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.11.01 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2012.03.04 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.03.04 19:25:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2012.06.23 22:04:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TravelTainment
[2012.07.08 14:53:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.06.20 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uraq
[2012.07.03 21:48:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2012.06.23 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Woone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.19 23:38:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2011.11.06 21:19:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.04.15 19:18:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.11.14 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2012.07.19 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2012.07.08 14:52:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.26 21:45:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.12 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2011.11.01 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.11.01 21:35:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel
[2012.06.23 17:22:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iwoli
[2011.11.02 20:54:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.04.01 10:55:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 09:45:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.09.08 11:26:24 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.11.01 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.05.10 20:31:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.11.01 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2012.03.04 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.03.04 19:25:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2012.06.23 22:04:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TravelTainment
[2012.07.08 14:53:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.06.20 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uraq
[2012.07.03 21:48:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2012.06.23 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Woone
 
< %APPDATA%\*.exe /s >
[2011.12.03 20:52:06 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2012.05.10 20:21:25 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2012.03.16 23:14:24 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.16 23:14:24 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.16 23:14:24 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.07.10 03:58:52 | 000,975,800 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2012.07.10 03:58:56 | 000,278,968 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2012.07.10 03:58:54 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2012.06.26 09:03:38 | 000,716,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2012.07.10 03:58:58 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2012.07.10 03:59:00 | 000,183,736 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.07.10 03:59:02 | 000,021,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.07.10 03:59:04 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2012.07.16 06:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2012.07.16 06:23:58 | 000,278,968 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2012.07.16 06:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2012.07.16 06:19:36 | 000,717,312 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2012.07.16 06:24:02 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2012.07.16 06:24:04 | 000,183,736 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2012.07.16 06:24:06 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2012.02.03 18:50:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.07.16 06:24:08 | 000,451,000 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< End of report >

--- --- ---
[/code]

cosinus 08.10.2012 11:03

Code:

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23A534B0-C58D-4ECF-96CF-F37F583A8661}: DhcpNameServer = 192.168.100.201

Is this by any chance an office/company computer?

prinzhessin 08.10.2012 12:31

No, this is my private laptop.

cosinus 08.10.2012 13:20

And why then a Professional edition as well as two network segments => 192.168.100.0 and 192.168.2.0?

prinzhessin 08.10.2012 13:33

I bought my laptop without an operating system and, on my family's advice, bought the Professional edition separately.
I don't know what two network systems means.

cosinus 08.10.2012 15:43

Quote:

I bought my laptop without an operating system
That is extremely rare - where exactly do you get a notebook without an operating system?

Quote:

- on my family's advice - bought separately.
And what does one need a Pro edition for? Which is more expensive than a Home version? Besides, the notebook with OEM Windows included would probably have been cheaper than your combination.

Quote:

I don't know what two network systems means.
Your computer was, or is, in two different networks, but that doesn't matter for now.

prinzhessin 08.10.2012 17:27

Quote:

Quote from cosinus (post 933585)
That is extremely rare - where exactly do you get a notebook without an operating system?

Is it allowed to post links here? They are available on a well-known site where, among others, my notebook could be had cheaper without Windows.



Quote:

Quote from cosinus (post 933585)
And what does one need a Pro edition for? Which is more expensive than a Home version? Besides, the notebook with OEM Windows included would probably have been cheaper than your combination.

Is that relevant to my problem?

Quote:

Quote from cosinus (post 933585)
Your computer was, or is, in two different networks, but that doesn't matter for now.

I took a look at my Network and Sharing Center.
My Wi-Fi kept throwing me out, and then at some point I could no longer establish a connection.
Then I tried to set up a second one because I could no longer select the old one. Could that be the cause?
Or when I was on family members' Wi-Fi?

cosinus 08.10.2012 18:45

Quote:

Is that relevant to my problem?
No, but it is relevant to our rules, and if I have a suspicion I follow it up - because company computers are generally not cleaned here.

See => http://www.trojaner-board.de/108422-...-anfragen.html

Quote:

3. As a rule, we do not clean commercially used computers. Your company's IT department is responsible for that.

For small businesses that have no IT support, we make an exception and are glad to help (a small donation helps us too).
Prerequisite: you tell us this in your first reply.
Keep in mind, however, that log files can contain a lot of sensitive information (customer data, bank data, etc.) and that malware is able to spy on and misuse it. In this case we recommend formatting and reinstalling.

prinzhessin 08.10.2012 18:50

Sure, I understand. This is my private laptop; as I said, I bought the Pro edition on my family's advice.

cosinus 09.10.2012 10:17

And that is exactly the money you could have saved - the Pro version is not needed at home, or does one need the feature of joining a Windows domain? Hardly, right? :pfeiff:
What about Remote Desktop and Windows XP Mode? All of that is only nice2have but not strictly a must; a lot of it can be added with free tools if you really need it!


Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
[2012.06.20 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uraq
FF - user.js - File not found
:Files
C:\Users\Nadja\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\user.js
C:\Users\Nadja\Desktop\NADJA_NEU\Dokumente und Einstellungen\Nadja\Desktop\Setup-MsgPlus-500.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

prinzhessin 11.10.2012 20:04

Code:

All processes killed
========== OTL ==========
Folder C:\Users\***\AppData\Roaming\Uraq\ not found.
========== FILES ==========
File\Folder C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\user.js not found.
File\Folder C:\Users\***\Desktop\***_NEU\Dokumente und Einstellungen\***\Desktop\Setup-MsgPlus-500.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 573440 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 579925156 bytes
->Opera cache emptied: 9021994 bytes
->Flash cache emptied: 14392 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11890184 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 1009581188 bytes
 
Total Files Cleaned = 1.536,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.70.1 log created on 10112012_205506

Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 12.10.2012 10:30

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool as shown in the picture below - click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:), that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

prinzhessin 12.10.2012 12:22

Code:

13:17:24.0371 4760  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:17:26.0131 4760  ============================================================
13:17:26.0131 4760  Current date / time: 2012/10/12 13:17:26.0131
13:17:26.0131 4760  SystemInfo:
13:17:26.0131 4760 
13:17:26.0131 4760  OS Version: 6.1.7601 ServicePack: 1.0
13:17:26.0131 4760  Product type: Workstation
13:17:26.0131 4760  ComputerName: NADJALAPTOP
13:17:26.0131 4760  UserName: Nadja
13:17:26.0131 4760  Windows directory: C:\Windows
13:17:26.0131 4760  System windows directory: C:\Windows
13:17:26.0131 4760  Running under WOW64
13:17:26.0131 4760  Processor architecture: Intel x64
13:17:26.0131 4760  Number of processors: 2
13:17:26.0131 4760  Page size: 0x1000
13:17:26.0131 4760  Boot type: Normal boot
13:17:26.0131 4760  ============================================================
13:17:51.0734 4760  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:17:51.0754 4760  ============================================================
13:17:51.0754 4760  \Device\Harddisk0\DR0:
13:17:51.0754 4760  MBR partitions:
13:17:51.0754 4760  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:17:51.0754 4760  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
13:17:51.0754 4760  ============================================================
13:17:51.0764 4760  C: <-> \Device\Harddisk0\DR0\Partition2
13:17:51.0764 4760  ============================================================
13:17:51.0764 4760  Initialize success
13:17:51.0764 4760  ============================================================
13:19:41.0788 4352  ============================================================
13:19:41.0788 4352  Scan started
13:19:41.0788 4352  Mode: Manual; SigCheck; TDLFS;
13:19:41.0788 4352  ============================================================
13:19:42.0459 4352  ================ Scan system memory ========================
13:19:42.0459 4352  System memory - ok
13:19:42.0459 4352  ================ Scan services =============================
13:19:51.0805 4352  Filetrace - ok
13:19:51.0805 4352  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:19:51.0820 4352  flpydisk - ok
13:19:51.0851 4352  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:19:51.0867 4352  FltMgr - ok
13:19:51.0914 4352  [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache      C:\Windows\system32\FntCache.dll
13:19:51.0992 4352  FontCache - ok
13:19:52.0039 4352  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:19:52.0054 4352  FontCache3.0.0.0 - ok
13:19:52.0085 4352  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
13:19:52.0101 4352  FsDepends - ok
13:19:52.0163 4352  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:19:52.0195 4352  Fs_Rec - ok
13:19:52.0226 4352  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:19:52.0273 4352  fvevol - ok
13:19:52.0304 4352  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:19:52.0335 4352  gagp30kx - ok
13:19:52.0366 4352  [ D201C1F6B0F5E4F202CBCB75D6352E63 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
13:19:52.0397 4352  GDBehave - ok
13:19:52.0475 4352  [ 2922B4D0AA4095797E66D87F08CA4D72 ] GDFwSvc        C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
13:19:52.0585 4352  GDFwSvc - ok
13:19:52.0616 4352  [ E1558301938B6CF92F7677224D3FB6F7 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
13:19:52.0647 4352  GDMnIcpt - ok
13:19:52.0663 4352  [ 5F1E5EAE8F08B6E2FABE8345E0BDFE48 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
13:19:52.0678 4352  GDPkIcpt - ok
13:19:52.0741 4352  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
13:19:52.0787 4352  GDScan - ok
13:19:52.0834 4352  [ 4ECBCAD43B7FED6F135BF108BB71434D ] gdwfpcd        C:\Windows\system32\drivers\gdwfpcd64.sys
13:19:52.0850 4352  gdwfpcd - ok
13:19:52.0928 4352  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:19:52.0959 4352  GEARAspiWDM - ok
13:19:52.0990 4352  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
13:19:53.0115 4352  gpsvc - ok
13:19:53.0146 4352  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:19:53.0209 4352  hcw85cir - ok
13:19:53.0240 4352  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:19:53.0302 4352  HdAudAddService - ok
13:19:53.0333 4352  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:19:53.0396 4352  HDAudBus - ok
13:19:53.0411 4352  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
13:19:53.0443 4352  HidBatt - ok
13:19:53.0458 4352  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:19:53.0489 4352  HidBth - ok
13:19:53.0521 4352  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
13:19:53.0567 4352  HidIr - ok
13:19:53.0583 4352  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
13:19:53.0677 4352  hidserv - ok
13:19:53.0708 4352  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:19:53.0755 4352  HidUsb - ok
13:19:53.0801 4352  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:19:53.0895 4352  hkmsvc - ok
13:19:53.0926 4352  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:19:53.0973 4352  HomeGroupListener - ok
13:19:54.0004 4352  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:19:54.0051 4352  HomeGroupProvider - ok
13:19:54.0067 4352  [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
13:19:54.0082 4352  HookCentre - ok
13:19:54.0113 4352  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:19:54.0160 4352  HpSAMD - ok
13:19:54.0207 4352  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:19:54.0332 4352  HTTP - ok
13:19:54.0379 4352  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:19:54.0410 4352  hwpolicy - ok
13:19:54.0457 4352  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:19:54.0488 4352  i8042prt - ok
13:19:54.0535 4352  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
13:19:54.0581 4352  iaStorV - ok
13:19:54.0613 4352  [ A9BD44426A69079240767FE4AEE0EA71 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
13:19:54.0628 4352  IBMPMDRV - ok
13:19:54.0644 4352  [ 57D4A3ED5497DB0C5A53E680A9BDD1C6 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
13:19:54.0675 4352  IBMPMSVC - ok
13:19:54.0722 4352  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:19:54.0800 4352  idsvc - ok
13:19:55.0065 4352  [ 0AC9E321D604BE48A0D72B69BA484BDC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:19:55.0517 4352  igfx - ok
13:19:55.0549 4352  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
13:19:55.0580 4352  iirsp - ok
13:19:55.0627 4352  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:19:55.0736 4352  IKEEXT - ok
13:19:55.0767 4352  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd          C:\Windows\system32\DRIVERS\Impcd.sys
13:19:55.0814 4352  Impcd - ok
13:19:55.0845 4352  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:19:55.0907 4352  IntcDAud - ok
13:19:55.0939 4352  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:19:55.0970 4352  intelide - ok
13:19:56.0001 4352  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:19:56.0049 4352  intelppm - ok
13:19:56.0080 4352  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
13:19:56.0174 4352  IPBusEnum - ok
13:19:56.0189 4352  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:19:56.0283 4352  IpFilterDriver - ok
13:19:56.0330 4352  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:19:56.0408 4352  iphlpsvc - ok
13:19:56.0423 4352  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
13:19:56.0454 4352  IPMIDRV - ok
13:19:56.0470 4352  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
13:19:56.0532 4352  IPNAT - ok
13:19:56.0610 4352  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:19:56.0673 4352  iPod Service - ok
13:19:56.0688 4352  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:19:56.0766 4352  IRENUM - ok
13:19:56.0798 4352  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:19:56.0829 4352  isapnp - ok
13:19:56.0860 4352  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:19:56.0907 4352  iScsiPrt - ok
13:19:56.0938 4352  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:19:56.0969 4352  kbdclass - ok
13:19:56.0985 4352  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:19:57.0032 4352  kbdhid - ok
13:19:57.0047 4352  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:19:57.0078 4352  KeyIso - ok
13:19:57.0125 4352  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:19:57.0156 4352  KSecDD - ok
13:19:57.0172 4352  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
13:19:57.0203 4352  KSecPkg - ok
13:19:57.0234 4352  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
13:19:57.0297 4352  ksthunk - ok
13:19:57.0328 4352  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
13:19:57.0390 4352  KtmRm - ok
13:19:57.0422 4352  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:19:57.0484 4352  LanmanServer - ok
13:19:57.0500 4352  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:19:57.0609 4352  LanmanWorkstation - ok
13:19:57.0640 4352  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:19:57.0718 4352  lltdio - ok
13:19:57.0749 4352  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
13:19:57.0827 4352  lltdsvc - ok
13:19:57.0843 4352  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
13:19:57.0905 4352  lmhosts - ok
13:19:57.0936 4352  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:19:57.0952 4352  LSI_FC - ok
13:19:57.0968 4352  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
13:19:57.0983 4352  LSI_SAS - ok
13:19:57.0999 4352  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:19:58.0014 4352  LSI_SAS2 - ok
13:19:58.0030 4352  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:19:58.0046 4352  LSI_SCSI - ok
13:19:58.0061 4352  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
13:19:58.0124 4352  luafv - ok
13:19:58.0155 4352  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
13:19:58.0170 4352  MBAMProtector - ok
13:19:58.0186 4352  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:19:58.0202 4352  MBAMScheduler - ok
13:19:58.0264 4352  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:19:58.0311 4352  MBAMService - ok
13:19:58.0342 4352  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
13:19:58.0451 4352  Mcx2Svc - ok
13:19:58.0482 4352  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
13:19:58.0498 4352  megasas - ok
13:19:58.0529 4352  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:19:58.0560 4352  MegaSR - ok
13:19:58.0592 4352  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
13:19:58.0654 4352  MMCSS - ok
13:19:58.0670 4352  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
13:19:58.0732 4352  Modem - ok
13:19:58.0763 4352  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
13:19:58.0794 4352  monitor - ok
13:19:58.0826 4352  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:19:58.0841 4352  mouclass - ok
13:19:58.0857 4352  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:19:58.0888 4352  mouhid - ok
13:19:58.0904 4352  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:19:58.0919 4352  mountmgr - ok
13:19:58.0935 4352  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:19:58.0966 4352  mpio - ok
13:19:58.0966 4352  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:19:59.0028 4352  mpsdrv - ok
13:19:59.0075 4352  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:19:59.0138 4352  MpsSvc - ok
13:19:59.0153 4352  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:19:59.0200 4352  MRxDAV - ok
13:19:59.0216 4352  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:19:59.0262 4352  mrxsmb - ok
13:19:59.0294 4352  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:19:59.0309 4352  mrxsmb10 - ok
13:19:59.0325 4352  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:19:59.0340 4352  mrxsmb20 - ok
13:19:59.0356 4352  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:19:59.0372 4352  msahci - ok
13:19:59.0403 4352  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
13:19:59.0418 4352  msdsm - ok
13:19:59.0434 4352  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
13:19:59.0465 4352  MSDTC - ok
13:19:59.0496 4352  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:19:59.0543 4352  Msfs - ok
13:19:59.0543 4352  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
13:19:59.0606 4352  mshidkmdf - ok
13:19:59.0621 4352  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:19:59.0637 4352  msisadrv - ok
13:19:59.0668 4352  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
13:19:59.0762 4352  MSiSCSI - ok
13:19:59.0762 4352  msiserver - ok
13:19:59.0777 4352  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
13:19:59.0840 4352  MSKSSRV - ok
13:19:59.0840 4352  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:19:59.0886 4352  MSPCLOCK - ok
13:19:59.0902 4352  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
13:19:59.0949 4352  MSPQM - ok
13:19:59.0980 4352  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
13:20:00.0027 4352  MsRPC - ok
13:20:00.0042 4352  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:20:00.0074 4352  mssmbios - ok
13:20:00.0105 4352  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
13:20:00.0198 4352  MSTEE - ok
13:20:00.0198 4352  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:20:00.0230 4352  MTConfig - ok
13:20:00.0245 4352  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
13:20:00.0276 4352  Mup - ok
13:20:00.0292 4352  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:20:00.0386 4352  napagent - ok
13:20:00.0417 4352  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
13:20:00.0464 4352  NativeWifiP - ok
13:20:00.0510 4352  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:20:00.0573 4352  NDIS - ok
13:20:00.0604 4352  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
13:20:00.0682 4352  NdisCap - ok
13:20:00.0698 4352  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:20:00.0744 4352  NdisTapi - ok
13:20:00.0776 4352  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
13:20:00.0854 4352  Ndisuio - ok
13:20:00.0869 4352  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
13:20:00.0947 4352  NdisWan - ok
13:20:00.0963 4352  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
13:20:01.0041 4352  NDProxy - ok
13:20:01.0072 4352  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
13:20:01.0135 4352  NetBIOS - ok
13:20:01.0167 4352  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
13:20:01.0213 4352  NetBT - ok
13:20:01.0229 4352  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:20:01.0245 4352  Netlogon - ok
13:20:01.0276 4352  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:20:01.0369 4352  Netman - ok
13:20:01.0369 4352  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:20:01.0447 4352  netprofm - ok
13:20:01.0463 4352  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:20:01.0494 4352  NetTcpPortSharing - ok
13:20:01.0510 4352  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
13:20:01.0541 4352  nfrd960 - ok
13:20:01.0572 4352  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:20:01.0666 4352  NlaSvc - ok
13:20:01.0681 4352  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:20:01.0775 4352  Npfs - ok
13:20:01.0791 4352  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
13:20:01.0884 4352  nsi - ok
13:20:01.0900 4352  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:20:01.0962 4352  nsiproxy - ok
13:20:02.0025 4352  [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:20:02.0103 4352  Ntfs - ok
13:20:02.0118 4352  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:20:02.0212 4352  Null - ok
13:20:02.0243 4352  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:20:02.0290 4352  nvraid - ok
13:20:02.0290 4352  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:20:02.0337 4352  nvstor - ok
13:20:02.0352 4352  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:20:02.0383 4352  nv_agp - ok
13:20:02.0399 4352  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:20:02.0430 4352  ohci1394 - ok
13:20:02.0477 4352  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:20:02.0524 4352  ose - ok
13:20:02.0555 4352  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:20:02.0617 4352  p2pimsvc - ok
13:20:02.0649 4352  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:20:02.0680 4352  p2psvc - ok
13:20:02.0711 4352  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
13:20:02.0727 4352  Parport - ok
13:20:02.0758 4352  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
13:20:02.0773 4352  partmgr - ok
13:20:02.0805 4352  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:20:02.0851 4352  PcaSvc - ok
13:20:02.0867 4352  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
13:20:02.0898 4352  pci - ok
13:20:02.0914 4352  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:20:02.0929 4352  pciide - ok
13:20:02.0961 4352  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:20:02.0992 4352  pcmcia - ok
13:20:03.0007 4352  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
13:20:03.0023 4352  pcw - ok
13:20:03.0054 4352  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:20:03.0148 4352  PEAUTH - ok
13:20:03.0195 4352  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
13:20:03.0273 4352  PeerDistSvc - ok
13:20:03.0366 4352  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:20:03.0413 4352  PerfHost - ok
13:20:03.0475 4352  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
13:20:03.0631 4352  pla - ok
13:20:03.0678 4352  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:20:03.0741 4352  PlugPlay - ok
13:20:03.0756 4352  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
13:20:03.0787 4352  PNRPAutoReg - ok
13:20:03.0819 4352  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
13:20:03.0865 4352  PNRPsvc - ok
13:20:03.0881 4352  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
13:20:03.0959 4352  PolicyAgent - ok
13:20:03.0990 4352  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
13:20:04.0053 4352  Power - ok
13:20:04.0099 4352  [ 7A1E6CF32EDFF1F13186997FCA086FC7 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
13:20:04.0131 4352  Power Manager DBC Service - ok
13:20:04.0162 4352  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:20:04.0240 4352  PptpMiniport - ok
13:20:04.0255 4352  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
13:20:04.0302 4352  Processor - ok
13:20:04.0333 4352  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc        C:\Windows\system32\profsvc.dll
13:20:04.0427 4352  ProfSvc - ok
13:20:04.0427 4352  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:20:04.0458 4352  ProtectedStorage - ok
13:20:04.0474 4352  [ 05A4779E4994B21473EDBE85AABE8030 ] psadd          C:\Windows\system32\DRIVERS\psadd.sys
13:20:04.0489 4352  psadd - ok
13:20:04.0521 4352  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:20:04.0599 4352  Psched - ok
13:20:04.0630 4352  [ 20EFF1CA8922F6A834261B985550A51D ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
13:20:04.0645 4352  PwmEWSvc - ok
13:20:04.0708 4352  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:20:04.0786 4352  ql2300 - ok
13:20:04.0817 4352  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:20:04.0848 4352  ql40xx - ok
13:20:04.0848 4352  qsjdfziv - ok
13:20:04.0879 4352  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
13:20:04.0942 4352  QWAVE - ok
13:20:04.0957 4352  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:20:05.0004 4352  QWAVEdrv - ok
13:20:05.0004 4352  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:20:05.0082 4352  RasAcd - ok
13:20:05.0113 4352  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
13:20:05.0160 4352  RasAgileVpn - ok
13:20:05.0176 4352  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
13:20:05.0223 4352  RasAuto - ok
13:20:05.0254 4352  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
13:20:05.0301 4352  Rasl2tp - ok
13:20:05.0332 4352  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:20:05.0394 4352  RasMan - ok
13:20:05.0410 4352  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:20:05.0472 4352  RasPppoe - ok
13:20:05.0472 4352  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
13:20:05.0535 4352  RasSstp - ok
13:20:05.0566 4352  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
13:20:05.0628 4352  rdbss - ok
13:20:05.0659 4352  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:20:05.0675 4352  rdpbus - ok
13:20:05.0691 4352  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:20:05.0784 4352  RDPCDD - ok
13:20:05.0800 4352  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
13:20:05.0847 4352  RDPDR - ok
13:20:05.0847 4352  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:20:05.0909 4352  RDPENCDD - ok
13:20:05.0940 4352  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:20:05.0987 4352  RDPREFMP - ok
13:20:06.0003 4352  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
13:20:06.0065 4352  RDPWD - ok
13:20:06.0081 4352  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:20:06.0127 4352  rdyboost - ok
13:20:06.0143 4352  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:20:06.0221 4352  RemoteAccess - ok
13:20:06.0252 4352  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:20:06.0346 4352  RemoteRegistry - ok
13:20:06.0377 4352  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:20:06.0408 4352  RFCOMM - ok
13:20:06.0424 4352  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:20:06.0486 4352  RpcEptMapper - ok
13:20:06.0502 4352  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:20:06.0549 4352  RpcLocator - ok
13:20:06.0580 4352  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
13:20:06.0673 4352  RpcSs - ok
13:20:06.0705 4352  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:20:06.0783 4352  rspndr - ok
13:20:06.0829 4352  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
13:20:06.0876 4352  RTL8167 - ok
13:20:06.0939 4352  [ FA088015155C4C6DAB5D1D9E68EB9D6B ] RTL8192Ce      C:\Windows\system32\DRIVERS\rtl8192Ce.sys
13:20:07.0017 4352  RTL8192Ce - ok
13:20:07.0032 4352  [ E60C0A09F997826C7627B244195AB581 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
13:20:07.0079 4352  s3cap - ok
13:20:07.0079 4352  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
13:20:07.0110 4352  SamSs - ok
13:20:07.0126 4352  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:20:07.0157 4352  sbp2port - ok
13:20:07.0173 4352  SBRE - ok
13:20:07.0204 4352  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:20:07.0266 4352  SCardSvr - ok
13:20:07.0297 4352  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:20:07.0375 4352  scfilter - ok
13:20:07.0407 4352  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:20:07.0516 4352  Schedule - ok
13:20:07.0531 4352  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
13:20:07.0578 4352  SCPolicySvc - ok
13:20:07.0609 4352  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:20:07.0625 4352  SDRSVC - ok
13:20:07.0656 4352  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:20:07.0765 4352  secdrv - ok
13:20:07.0781 4352  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:20:07.0843 4352  seclogon - ok
13:20:07.0875 4352  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
13:20:07.0968 4352  SENS - ok
13:20:07.0968 4352  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:20:08.0015 4352  SensrSvc - ok
13:20:08.0031 4352  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
13:20:08.0062 4352  Serenum - ok
13:20:08.0077 4352  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:20:08.0109 4352  Serial - ok
13:20:08.0124 4352  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:20:08.0155 4352  sermouse - ok
13:20:08.0187 4352  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:20:08.0249 4352  SessionEnv - ok
13:20:08.0265 4352  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
13:20:08.0296 4352  sffdisk - ok
13:20:08.0311 4352  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:20:08.0358 4352  sffp_mmc - ok
13:20:08.0358 4352  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
13:20:08.0389 4352  sffp_sd - ok
13:20:08.0421 4352  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
13:20:08.0436 4352  sfloppy - ok
13:20:08.0467 4352  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:20:08.0577 4352  SharedAccess - ok
13:20:08.0608 4352  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:20:08.0670 4352  ShellHWDetection - ok
13:20:08.0701 4352  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:20:08.0733 4352  SiSRaid2 - ok
13:20:08.0748 4352  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:20:08.0779 4352  SiSRaid4 - ok
13:20:08.0826 4352  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
13:20:08.0904 4352  Smb - ok
13:20:08.0935 4352  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:20:08.0982 4352  SNMPTRAP - ok
13:20:09.0013 4352  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
13:20:09.0029 4352  spldr - ok
13:20:09.0076 4352  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler        C:\Windows\System32\spoolsv.exe
13:20:09.0169 4352  Spooler - ok
13:20:09.0263 4352  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:20:09.0372 4352  sppsvc - ok
13:20:09.0388 4352  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
13:20:09.0450 4352  sppuinotify - ok
13:20:09.0481 4352  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
13:20:09.0528 4352  srv - ok
13:20:09.0559 4352  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:20:09.0622 4352  srv2 - ok
13:20:09.0653 4352  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:20:09.0700 4352  srvnet - ok
13:20:09.0731 4352  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
13:20:09.0840 4352  SSDPSRV - ok
13:20:09.0856 4352  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
13:20:09.0918 4352  SstpSvc - ok
13:20:09.0949 4352  [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
13:20:09.0981 4352  ssudmdm - ok
13:20:09.0996 4352  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:20:10.0027 4352  stexstor - ok
13:20:10.0074 4352  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:20:10.0137 4352  stisvc - ok
13:20:10.0152 4352  [ 7785DC213270D2FC066538DAF94087E7 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
13:20:10.0183 4352  storflt - ok
13:20:10.0199 4352  [ C40841817EF57D491F22EB103DA587CC ] StorSvc        C:\Windows\system32\storsvc.dll
13:20:10.0261 4352  StorSvc - ok
13:20:10.0277 4352  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
13:20:10.0308 4352  storvsc - ok
13:20:10.0371 4352  [ 59B5A060A31BD4BAB030C4FCD1048292 ] SUService      C:\Program Files (x86)\Lenovo\System Update\SUService.exe
13:20:10.0402 4352  SUService - ok
13:20:10.0417 4352  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:20:10.0449 4352  swenum - ok
13:20:10.0480 4352  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
13:20:10.0620 4352  swprv - ok
13:20:10.0683 4352  [ FFBE7C45999252C3131CBDD05E2FA135 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
13:20:10.0761 4352  SynTP - ok
13:20:10.0792 4352  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
13:20:10.0870 4352  SysMain - ok
13:20:10.0901 4352  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:20:10.0917 4352  TabletInputService - ok
13:20:10.0948 4352  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
13:20:10.0995 4352  TapiSrv - ok
13:20:11.0026 4352  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
13:20:11.0073 4352  TBS - ok
13:20:11.0135 4352  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
13:20:11.0260 4352  Tcpip - ok
13:20:11.0291 4352  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:20:11.0369 4352  TCPIP6 - ok
13:20:11.0385 4352  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:20:11.0431 4352  tcpipreg - ok
13:20:11.0463 4352  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:20:11.0509 4352  TDPIPE - ok
13:20:11.0541 4352  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
13:20:11.0587 4352  TDTCP - ok
13:20:11.0619 4352  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
13:20:11.0712 4352  tdx - ok
13:20:11.0728 4352  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:20:11.0759 4352  TermDD - ok
13:20:11.0790 4352  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
13:20:11.0884 4352  TermService - ok
13:20:11.0899 4352  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:20:11.0931 4352  Themes - ok
13:20:11.0946 4352  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
13:20:11.0993 4352  THREADORDER - ok
13:20:12.0024 4352  [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF        C:\Windows\system32\drivers\Tppwr64v.sys
13:20:12.0040 4352  TPPWRIF - ok
13:20:12.0071 4352  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:20:12.0149 4352  TrkWks - ok
13:20:12.0196 4352  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:20:12.0258 4352  TrustedInstaller - ok
13:20:12.0289 4352  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:20:12.0352 4352  tssecsrv - ok
13:20:12.0383 4352  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:20:12.0430 4352  TsUsbFlt - ok
13:20:12.0461 4352  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:20:12.0570 4352  tunnel - ok
13:20:12.0586 4352  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:20:12.0617 4352  uagp35 - ok
13:20:12.0633 4352  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:20:12.0711 4352  udfs - ok
13:20:12.0742 4352  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
13:20:12.0773 4352  UI0Detect - ok
13:20:12.0789 4352  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:20:12.0804 4352  uliagpkx - ok
13:20:12.0835 4352  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
13:20:12.0867 4352  umbus - ok
13:20:12.0882 4352  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:20:12.0929 4352  UmPass - ok
13:20:12.0960 4352  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
13:20:13.0007 4352  UmRdpService - ok
13:20:13.0038 4352  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:20:13.0116 4352  upnphost - ok
13:20:13.0147 4352  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
13:20:13.0179 4352  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
13:20:13.0179 4352  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
13:20:13.0210 4352  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
13:20:13.0241 4352  usbccgp - ok
13:20:13.0272 4352  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:20:13.0303 4352  usbcir - ok
13:20:13.0335 4352  [ 74EE782B1D9C241EFE425565854C661C ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
13:20:13.0397 4352  usbehci - ok
13:20:13.0413 4352  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\Windows\system32\drivers\usbhub.sys
13:20:13.0444 4352  usbhub - ok
13:20:13.0459 4352  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
13:20:13.0491 4352  usbohci - ok
13:20:13.0491 4352  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:20:13.0537 4352  usbprint - ok
13:20:13.0553 4352  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
13:20:13.0615 4352  usbscan - ok
13:20:13.0631 4352  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:20:13.0678 4352  USBSTOR - ok
13:20:13.0709 4352  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
13:20:13.0818 4352  usbuhci - ok
13:20:13.0912 4352  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:20:13.0959 4352  usbvideo - ok
13:20:13.0974 4352  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
13:20:14.0083 4352  UxSms - ok
13:20:14.0099 4352  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:20:14.0115 4352  VaultSvc - ok
13:20:14.0146 4352  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:20:14.0161 4352  vdrvroot - ok
13:20:14.0208 4352  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
13:20:14.0317 4352  vds - ok
13:20:14.0349 4352  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
13:20:14.0380 4352  vga - ok
13:20:14.0395 4352  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
13:20:14.0458 4352  VgaSave - ok
13:20:14.0473 4352  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
13:20:14.0505 4352  vhdmp - ok
13:20:14.0520 4352  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:20:14.0536 4352  viaide - ok
13:20:14.0551 4352  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus          C:\Windows\system32\drivers\vmbus.sys
13:20:14.0567 4352  vmbus - ok
13:20:14.0583 4352  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:20:14.0598 4352  VMBusHID - ok
13:20:14.0614 4352  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:20:14.0629 4352  volmgr - ok
13:20:14.0661 4352  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
13:20:14.0676 4352  volmgrx - ok
13:20:14.0723 4352  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
13:20:14.0754 4352  volsnap - ok
13:20:14.0801 4352  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
13:20:14.0848 4352  vsmraid - ok
13:20:14.0895 4352  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
13:20:15.0004 4352  VSS - ok
13:20:15.0019 4352  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:20:15.0035 4352  vwifibus - ok
13:20:15.0051 4352  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:20:15.0066 4352  vwififlt - ok
13:20:15.0082 4352  vyhqrvwu - ok
13:20:15.0097 4352  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
13:20:15.0160 4352  W32Time - ok
13:20:15.0175 4352  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:20:15.0207 4352  WacomPen - ok
13:20:15.0238 4352  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:20:15.0316 4352  WANARP - ok
13:20:15.0331 4352  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:20:15.0378 4352  Wanarpv6 - ok
13:20:15.0425 4352  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:20:15.0487 4352  wbengine - ok
13:20:15.0503 4352  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:20:15.0534 4352  WbioSrvc - ok
13:20:15.0565 4352  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
13:20:15.0597 4352  wcncsvc - ok
13:20:15.0612 4352  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:20:15.0628 4352  WcsPlugInService - ok
13:20:15.0643 4352  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:20:15.0659 4352  Wd - ok
13:20:15.0690 4352  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:20:15.0721 4352  Wdf01000 - ok
13:20:15.0737 4352  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:20:15.0815 4352  WdiServiceHost - ok
13:20:15.0831 4352  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
13:20:15.0862 4352  WdiSystemHost - ok
13:20:15.0877 4352  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
13:20:15.0909 4352  WebClient - ok
13:20:15.0924 4352  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:20:15.0987 4352  Wecsvc - ok
13:20:16.0002 4352  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
13:20:16.0065 4352  wercplsupport - ok
13:20:16.0080 4352  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:20:16.0127 4352  WerSvc - ok
13:20:16.0174 4352  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:20:16.0221 4352  WfpLwf - ok
13:20:16.0221 4352  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:20:16.0236 4352  WIMMount - ok
13:20:16.0268 4352  WinDefend - ok
13:20:16.0268 4352  WinHttpAutoProxySvc - ok
13:20:16.0330 4352  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
13:20:16.0439 4352  Winmgmt - ok
13:20:16.0502 4352  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
13:20:16.0642 4352  WinRM - ok
13:20:16.0673 4352  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:20:16.0704 4352  WinUsb - ok
13:20:16.0751 4352  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
13:20:16.0798 4352  Wlansvc - ok
13:20:16.0829 4352  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
13:20:16.0876 4352  WmiAcpi - ok
13:20:16.0907 4352  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:20:16.0970 4352  wmiApSrv - ok
13:20:17.0001 4352  WMPNetworkSvc - ok
13:20:17.0016 4352  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:20:17.0063 4352  WPCSvc - ok
13:20:17.0094 4352  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:20:17.0141 4352  WPDBusEnum - ok
13:20:17.0157 4352  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
13:20:17.0219 4352  ws2ifsl - ok
13:20:17.0250 4352  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
13:20:17.0282 4352  wscsvc - ok
13:20:17.0282 4352  WSearch - ok
13:20:17.0360 4352  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:20:17.0453 4352  wuauserv - ok
13:20:17.0469 4352  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:20:17.0578 4352  WudfPf - ok
13:20:17.0625 4352  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:20:17.0703 4352  WUDFRd - ok
13:20:17.0718 4352  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
13:20:17.0765 4352  wudfsvc - ok
13:20:17.0781 4352  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
13:20:17.0828 4352  WwanSvc - ok
13:20:17.0843 4352  ================ Scan global ===============================
13:20:17.0859 4352  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:20:17.0890 4352  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:20:17.0890 4352  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:20:17.0937 4352  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:20:17.0952 4352  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:20:17.0952 4352  [Global] - ok
13:20:17.0952 4352  ================ Scan MBR ==================================
13:20:17.0968 4352  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:20:18.0327 4352  \Device\Harddisk0\DR0 - ok
13:20:18.0327 4352  ================ Scan VBR ==================================
13:20:18.0342 4352  [ CD8B4DD822B82F7F99F633EC54E1617A ] \Device\Harddisk0\DR0\Partition1
13:20:18.0342 4352  \Device\Harddisk0\DR0\Partition1 - ok
13:20:18.0358 4352  [ 0C71FEECFCE4E3ADE6211890BB97154B ] \Device\Harddisk0\DR0\Partition2
13:20:18.0358 4352  \Device\Harddisk0\DR0\Partition2 - ok
13:20:18.0358 4352  ============================================================
13:20:18.0358 4352  Scan finished
13:20:18.0358 4352  ============================================================
13:20:18.0374 3172  Detected object count: 1
13:20:18.0374 3172  Actual detected object count: 1
13:20:28.0326 3172  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
13:20:28.0326 3172  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 12.10.2012 14:50

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

prinzhessin 14.10.2012 15:14

Show list of attachments (count: 2)
I have to add that I had problems with ComboFix. On the first start I got the message "Fehler beim Überschreiben...." (see attachment); I clicked Ignore.
At stage 48 my PC froze completely and I restarted it.

On the second attempt I got as far as the second attachment; after that nothing happened at all for several hours. After about 7 hours I aborted it myself.

On today's third attempt it finally worked after 20 minutes:

Code:

ComboFix 12-10-14.03 - *** 14.10.2012  14:13:42.3.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3893.2233 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Roaming
c:\users\***\4.0
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-14 bis 2012-10-14  ))))))))))))))))))))))))))))))
.
.
2012-10-14 12:58 . 2012-10-14 12:58        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-14 12:58 . 2012-10-14 12:58        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-10-14 01:50 . 2012-10-14 01:50        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\offreg.dll
2012-10-13 08:46 . 2012-10-13 08:46        96224        ----a-w-        c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-13 08:46 . 2012-10-13 08:46        157272        ----a-w-        c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-12 13:07 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\mpengine.dll
2012-10-11 18:44 . 2012-10-11 18:44        --------        d-----w-        C:\_OTL
2012-10-05 13:39 . 2012-10-05 13:39        --------        d-----w-        c:\program files (x86)\ESET
2012-10-03 09:22 . 2012-10-03 09:23        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-03 09:22 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-28 16:14 . 2012-08-21 11:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files\iPod
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files\iTunes
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files (x86)\iTunes
2012-09-22 13:46 . 2012-08-24 18:03        9056256        ----a-w-        c:\windows\system32\mshtml.dll
2012-09-22 13:46 . 2012-08-24 18:02        12295680        ----a-w-        c:\windows\system32\ieframe.dll
2012-09-22 13:46 . 2012-08-24 18:03        735744        ----a-w-        c:\windows\system32\msfeeds.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 20:25 . 2011-11-04 18:10        65309168        ----a-w-        c:\windows\system32\MRT.exe
2012-10-10 18:34 . 2012-04-02 17:06        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 18:34 . 2011-11-02 18:53        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 09:22 . 2012-07-27 07:27        60320        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys
2012-09-28 15:56 . 2012-07-27 07:27        54176        ----a-w-        c:\windows\system32\drivers\GDBehave.sys
2012-09-28 15:56 . 2012-07-27 07:27        126880        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys
2012-09-28 15:56 . 2012-07-27 07:27        64416        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys
2012-09-02 13:54 . 2012-09-02 13:54        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-09-02 13:54 . 2012-09-02 13:54        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-02 13:54 . 2011-11-27 09:54        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-08-22 18:12 . 2012-09-12 16:25        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 16:25        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:25        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 11:01 . 2012-07-08 18:36        125872        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-07-08 18:36        106928        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-07-27 07:27 . 2012-07-27 07:27        64376        ----a-w-        c:\windows\system32\drivers\HookCentre.sys
2012-07-18 18:15 . 2012-08-14 18:53        3148800        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-07-04 1605992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 avqferzi;avqferzi;c:\windows\system32\drivers\avqferzi.sys [x]
R1 bknyckwb;bknyckwb;c:\windows\system32\drivers\bknyckwb.sys [x]
R1 ddrbijkc;ddrbijkc;c:\windows\system32\drivers\ddrbijkc.sys [x]
R1 qsjdfziv;qsjdfziv;c:\windows\system32\drivers\qsjdfziv.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R1 vyhqrvwu;vyhqrvwu;c:\windows\system32\drivers\vyhqrvwu.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-09-28 54176]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-09-28 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-09-28 64416]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-27 64376]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-11-01 54824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-09-29 60320]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-24 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-24 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-24 417304]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
  00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
.
Zeit der Fertigstellung: 2012-10-14  16:00:52
ComboFix-quarantined-files.txt  2012-10-14 14:00
.
Vor Suchlauf: 10 Verzeichnis(se), 198.765.957.120 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 198.630.305.792 Bytes frei
.
- - End Of File - - CB41F98FC80CA15F34A2472729AAAB55


cosinus 14.10.2012 19:29

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Driver::
avqferzi
bknyckwb
ddrbijkc
qsjdfziv
vyhqrvwu

File::
c:\windows\system32\drivers\avqferzi.sys
c:\windows\system32\drivers\bknyckwb.sys
c:\windows\system32\drivers\ddrbijkc.sys
c:\windows\system32\drivers\qsjdfziv.sys
c:\windows\system32\drivers\vyhqrvwu.sys

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad- and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!

prinzhessin 15.10.2012 20:34

It worked on the third attempt.
Code:

ComboFix 12-10-15.01 - *** 15.10.2012  21:11:57.6.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3893.2507 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\drivers\avqferzi.sys"
"c:\windows\system32\drivers\bknyckwb.sys"
"c:\windows\system32\drivers\ddrbijkc.sys"
"c:\windows\system32\drivers\qsjdfziv.sys"
"c:\windows\system32\drivers\vyhqrvwu.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_avqferzi
-------\Service_bknyckwb
-------\Service_ddrbijkc
-------\Service_qsjdfziv
-------\Service_vyhqrvwu
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-15 bis 2012-10-15  ))))))))))))))))))))))))))))))
.
.
2012-10-15 19:22 . 2012-10-15 19:22        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-15 19:22 . 2012-10-15 19:22        --------        d-----w-        c:\users\Bea\AppData\Local\temp
2012-10-14 01:50 . 2012-10-14 01:50        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\offreg.dll
2012-10-13 08:46 . 2012-10-13 08:46        96224        ----a-w-        c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-13 08:46 . 2012-10-13 08:46        157272        ----a-w-        c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-12 13:07 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7839C35-E290-440F-BEEE-4FCEA1060F96}\mpengine.dll
2012-10-11 18:44 . 2012-10-11 18:44        --------        d-----w-        C:\_OTL
2012-10-05 13:39 . 2012-10-05 13:39        --------        d-----w-        c:\program files (x86)\ESET
2012-10-03 09:22 . 2012-10-03 09:23        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-03 09:22 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-28 16:14 . 2012-08-21 11:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files\iPod
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files\iTunes
2012-09-28 16:14 . 2012-09-28 16:14        --------        d-----w-        c:\program files (x86)\iTunes
2012-09-22 13:46 . 2012-08-24 18:03        9056256        ----a-w-        c:\windows\system32\mshtml.dll
2012-09-22 13:46 . 2012-08-24 18:02        12295680        ----a-w-        c:\windows\system32\ieframe.dll
2012-09-22 13:46 . 2012-08-24 18:03        735744        ----a-w-        c:\windows\system32\msfeeds.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 20:25 . 2011-11-04 18:10        65309168        ----a-w-        c:\windows\system32\MRT.exe
2012-10-10 18:34 . 2012-04-02 17:06        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 18:34 . 2011-11-02 18:53        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 09:22 . 2012-07-27 07:27        60320        ----a-w-        c:\windows\system32\drivers\PktIcpt.sys
2012-09-28 15:56 . 2012-07-27 07:27        54176        ----a-w-        c:\windows\system32\drivers\GDBehave.sys
2012-09-28 15:56 . 2012-07-27 07:27        126880        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys
2012-09-28 15:56 . 2012-07-27 07:27        64416        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys
2012-09-02 13:54 . 2012-09-02 13:54        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-09-02 13:54 . 2012-09-02 13:54        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-02 13:54 . 2011-11-27 09:54        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-08-22 18:12 . 2012-09-12 16:25        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 16:25        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:25        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 11:01 . 2012-07-08 18:36        125872        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-07-08 18:36        106928        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-07-27 07:27 . 2012-07-27 07:27        64376        ----a-w-        c:\windows\system32\drivers\HookCentre.sys
2012-07-18 18:15 . 2012-08-14 18:53        3148800        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-07-04 1605992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-09-28 54176]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-09-28 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-09-28 64416]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-27 64376]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-11-01 54824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-09-29 60320]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-24 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-24 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-24 417304]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\**\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vx4h4iou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
  00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-15  21:28:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-15 19:28
ComboFix2.txt  2012-10-14 14:00
.
Vor Suchlauf: 14 Verzeichnis(se), 198.272.622.592 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 197.798.793.216 Bytes frei
.
- - End Of File - - 7B661CDC8C55FE3D10C19249BCD97B5F


cosinus 16.10.2012 15:12

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second try either, just skip it and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to also turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.

prinzhessin 16.10.2012 20:17

Is this right? I couldn't get anything more out of it.

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-16 20:44:49
Windows 6.1.7601 Service Pack 1
Running: l6mexzte.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4695add                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4695add (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:01:16 on 16.10.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 16.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PWMCP64V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP64V.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL64) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl64.sys
"Bluetooth AVDT" (btwavdt) - ? - C:\Windows\System32\drivers\btwavdt.sys  (File not found)
"Bluetooth L2CAP Service" (btwl2cap) - ? - C:\Windows\System32\DRIVERS\btwl2cap.sys  (File not found)
"Bluetooth-Audiogerät" (btwaudio) - ? - C:\Windows\System32\drivers\btwaudio.sys  (File not found)
"btwrchid" (btwrchid) - ? - C:\Windows\System32\DRIVERS\btwrchid.sys  (File not found)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"G Data WFP CD" (gdwfpcd) - "G Data Software AG" - C:\Windows\System32\drivers\gdwfpcd64.sys
"GDBehave" (GDBehave) - "G Data Software AG" - C:\Windows\System32\drivers\GDBehave.sys
"GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys
"GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys
"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"SBRE" (SBRE) - ? - C:\Windows\system32\drivers\SBREdrv.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\OFFICE11\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\OFFICE11\OLKFSTUB.DLL
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{816BE035-1450-40D0-8A3B-BA7825A83A77} "IASRunner Class" - "Lenovo (United States) Inc" - C:\Program Files (x86)\Lenovo\AcpIRExe\AcpIRExe.exe / hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_287.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Nadja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KiesPDLR" - ? - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesPreload" - "Samsung" - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"FreePDF Assistant" - "shbox.de" - "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
"G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
"GDFirewallTray" - "G Data Software AG" - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
"G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
"G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
"G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
"G Data Scanner" (GDScan) - "G Data Software AG" - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
"G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
"System Update" (SUService) - "Lenovo Group Limited" - C:\Program Files (x86)\Lenovo\System Update\SUService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-16 21:03:15
-----------------------------
21:03:15.393    OS Version: Windows x64 6.1.7601 Service Pack 1
21:03:15.393    Number of processors: 2 586 0x2505
21:03:15.393    ComputerName: NADJALAPTOP  UserName: Nadja
21:03:16.595    Initialize success
21:08:12.826    AVAST engine defs: 12101600
21:09:48.845    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:09:48.845    Disk 0 Vendor: HITACHI_HTS723232A7A364 EC2ZB70R Size: 305245MB BusType: 11
21:09:48.860    Disk 0 MBR read successfully
21:09:48.860    Disk 0 MBR scan
21:09:48.876    Disk 0 Windows 7 default MBR code
21:09:48.876    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:09:48.891    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      305143 MB offset 206848
21:09:48.907    Disk 0 scanning C:\Windows\system32\drivers
21:09:58.844    Service scanning
21:10:25.817    Modules scanning
21:10:25.817    Disk 0 trace - called modules:
21:10:25.926    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:10:25.941    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b41680]
21:10:25.941    3 CLASSPNP.SYS[fffff880019a043f] -> nt!IofCallDriver -> [0xfffffa80049732d0]
21:10:25.957    5 ACPI.sys[fffff88000f8b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004975060]
21:10:27.002    AVAST engine scan C:\Windows
21:10:29.763    AVAST engine scan C:\Windows\system32
21:13:02.726    AVAST engine scan C:\Windows\system32\drivers
21:13:16.235    AVAST engine scan C:\Users\Nadja
21:15:21.722    Disk 0 MBR has been saved successfully to "C:\Users\Nadja\Desktop\MBR.dat"
21:15:21.738    The log file has been saved successfully to "C:\Users\Nadja\Desktop\aswMBR.txt"


cosinus 17.10.2012 13:53

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

prinzhessin 17.10.2012 22:16

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Nadja :: NADJALAPTOP [Administrator]

17.10.2012 19:48:18
mbam-log-2012-10-17 (19-48-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410550
Laufzeit: 1 Stunde(n), 3 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/17/2012 at 11:03 PM

Application Version : 5.6.1010

Core Rules Database Version : 9423
Trace Rules Database Version: 7235

Scan type      : Complete Scan
Total Scan Time : 02:01:44

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 615
Memory threats detected  : 0
Registry items scanned    : 75346
Registry threats detected : 0
File items scanned        : 153893
File threats detected    : 330

Adware.Tracking Cookie
        .serving-sys.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .nissaneurope.112.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .olympiaverlag.122.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .austrianairlines.122.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .autoscout24.112.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .accsatourism.112.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .sevenoneintermedia.112.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .stockholmbusinessregion.122.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .deutschepostag.112.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .vodafonegroup.122.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .nhhotelessa.112.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        toi-rvp-ticker-01.odmedia.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .hairfinder.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .guj.122.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .de.hairfinder.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .de.hairfinder.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .de.hairfinder.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .getclicky.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .static.getclicky.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        tracking.dc-storm.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        tracking.dc-storm.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .tracker.icerocket.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .tracker.icerocket.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .urlaubs-countdown.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .urlaubs-countdown.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .urlaubs-countdown.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        toi-rvp-ticker-01.odmedia.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        api.skyscanner.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        api.skyscanner.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        api.skyscanner.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .msnportal.112.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .cunda.122.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        toi-rvp-ticker-01.odmedia.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        sso-de.bestofmedia.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QUYVA3C7.DEFAULT\COOKIES.SQLITE ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@ATDMT[1].TXT [ /ATDMT ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@TRADEDOUBLER[3].TXT [ /TRADEDOUBLER ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@ATDMT[3].TXT [ /ATDMT ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@ADFARM1.ADITION[3].TXT [ /ADFARM1.ADITION ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@ADX.CHIP[1].TXT [ /ADX.CHIP ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@SMARTADSERVER[1].TXT [ /SMARTADSERVER ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@IM.BANNER.T-ONLINE[1].TXT [ /IM.BANNER.T-ONLINE ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@APMEBF[1].TXT [ /APMEBF ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@TRACKING.HANNOVERSCHE[1].TXT [ /TRACKING.HANNOVERSCHE ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@WWW.ACTIVE-TRACKING[2].TXT [ /WWW.ACTIVE-TRACKING ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@SERVING-SYS[2].TXT [ /SERVING-SYS ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@TRACK.ADFORM[2].TXT [ /TRACK.ADFORM ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@WEBORAMA[2].TXT [ /WEBORAMA ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@REVSCI[1].TXT [ /REVSCI ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@STATCOUNTER[1].TXT [ /STATCOUNTER ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@AD2.ADFARM1.ADITION[1].TXT [ /AD2.ADFARM1.ADITION ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@ADCENTRICONLINE[2].TXT [ /ADCENTRICONLINE ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@ADTECH[1].TXT [ /ADTECH ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@ATDMT.COMBING[2].TXT [ /ATDMT.COMBING ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@QUESTIONMARKET[1].TXT [ /QUESTIONMARKET ]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\COOKIES\NADJA@WWW.ZANOX-AFFILIATE[1].TXT [ /WWW.ZANOX-AFFILIATE ]
        .divx.112.2o7.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .doubleclick.net [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .bs.serving-sys.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .apmebf.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .mediaplex.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .mediaplex.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad1.adfarm1.adition.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .questionmarket.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .questionmarket.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tracking.quisma.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tracking.quisma.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        tracking.quisma.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        tracking.quisma.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .h.atdmt.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .h.atdmt.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .h.atdmt.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .h.atdmt.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tracking.quisma.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .unitymedia.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .unitymedia.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tracking.quisma.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox-affiliate.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .traffictrack.de [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad2.adfarm1.adition.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-FraudTool[Tiny]
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\.#\MBX@2BC@383FC0.###
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\.#\MBX@5D8@383FC0.###
        C:\USERS\NADJA\DESKTOP\NADJA_NEU\DOKUMENTE UND EINSTELLUNGEN\NADJA\ANWENDUNGSDATEN\.#\MBX@D70@383FC0.###

What do I do with the findings? Do I click "Remove Threats"?

cosinus 18.10.2012 09:24

Code:

UAC On - Limited User
How did you start sasw? Simply by double-clicking?

Please run it exactly as described in the instructions!

Quote:

Quote from cosinus (post 324870)
Part 2: Running the program
The program has now been installed, and a shortcut should have been created on the desktop. After you start it, it will first check the update server for new malware signatures and install updates. Do NOT interrupt this process!

Users on Windows Vista and Windows 7, please start the tool again via right-click => Run as administrator!


prinzhessin 18.10.2012 20:26

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/18/2012 at 09:25 PM

Application Version : 5.6.1010

Core Rules Database Version : 9431
Trace Rules Database Version: 7243

Scan type      : Complete Scan
Total Scan Time : 01:53:03

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 646
Memory threats detected  : 0
Registry items scanned    : 71562
Registry threats detected : 0
File items scanned        : 156054
File threats detected    : 118

Adware.Tracking Cookie
        .adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        tracking.klicktel.de [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        tracking.klicktel.de [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\BEA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7QPAA1S.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\NADJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VX4H4IOU.DEFAULT\COOKIES.SQLITE ]


cosinus 18.10.2012 21:04

Looks OK, only cookies and leftovers were found; they can all go.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board too), then simply set the browser so that everything, cookies included, is deleted when the browser is closed.

The way I handle it is that for "wild surfing" I use the Opera browser or Chromium on my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system back in order now, or are there any other findings or problems?

prinzhessin 24.10.2012 20:48

Haven't had any more problems so far, thank you very much for the support! :daumenhoc

cosinus 24.10.2012 21:14

Then we're done! :abklatsch:

The programs that were used here can all be removed again. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update it first.

Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use Secunia PSI, for example.
For even more security, you should also change all passwords if possible after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you are at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click on Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.

