Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Österreichischer Polizei Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.10.2012, 16:01   #16
mike-E-boy
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Und die Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 15.10.2012 16:08:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 4,06 Gb Available Physical Memory | 68,74% Memory free
11,82 Gb Paging File | 9,96 Gb Available in Paging File | 84,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,45 Gb Total Space | 181,93 Gb Free Space | 65,10% Space Free | Partition Type: NTFS
Drive D: | 394,18 Gb Total Space | 318,00 Gb Free Space | 80,67% Space Free | Partition Type: NTFS
Drive F: | 824,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MICHAEL_LAPTOP | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044E1F4B-E8A5-43AC-845D-36F861A87117}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{12DE5854-B0A2-4EF2-86BB-49EB0CB82229}" = rport=445 | protocol=6 | dir=out | app=system | 
"{27E5747F-F97C-4297-BC77-25F215CEB041}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F1313E5-EF72-4CFB-A6C4-43797C8040B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3FA5E3C1-B437-485B-BF0B-BC53C0CB5450}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{40DD7317-85E7-44B7-A54D-3039D1CE84EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4A346BF2-2531-4CB9-971E-BE4CA5096A5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{562EABD3-33D2-44BC-BDF1-EDA1C9913594}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{57A02C8A-9239-44B0-B4DB-A7EE65483809}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5C79F3C3-5852-4E60-AB1E-89079D958EED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{78FE3422-8F8F-4694-9C8E-BE590F1CE670}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9954EAF6-C462-46D1-AF17-159E5814101C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{99D6532B-F41D-4DB7-896E-FE813E403CD7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9F85D1CE-2D9B-4923-A456-53C988143ADF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{B23FC6EA-8D46-498B-8F50-58197DA92461}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B9B0D9DD-8105-4D13-A9FF-495764FE6B63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CB530934-AD2A-4B50-A3BC-4463EFAF3886}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CB9C5DE2-03B3-4603-9E98-C0149603E18D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CC80817E-C43B-4EAC-86C1-2605FFF6F5FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FAE4EF23-3E6F-49B5-B432-5349873F32DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0523ED9E-0213-4331-B11E-E8D10FA838E0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{08E66910-5C12-4E8B-BAD5-F11B5FF7760A}" = protocol=6 | dir=in | app=d:\program files (x86)\setup_a1wlanassistent.exe | 
"{0963FB9C-9BB4-4597-A6B2-99616A57B011}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0AA438DC-D72C-4BCF-97F4-A16D677C73AB}" = protocol=17 | dir=in | app=d:\program files (x86)\combat arms eu\nmservice.exe | 
"{1290E93B-4C1B-47E3-8D14-C147909BD63A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1BB21591-5E98-47A2-AE10-395B97DEF1B8}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{1D70738D-667F-43F1-A7AA-DCB0D13D6176}" = protocol=6 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{1DC05F9A-BB48-4B89-9C37-92011DE86366}" = protocol=6 | dir=in | app=d:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{201B968E-17E0-48CA-85CC-899374711506}" = protocol=17 | dir=in | app=d:\program files (x86)\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{2055BCAD-8A8D-4DA4-8151-E2B2E572C510}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2765AB02-D6E4-4F3E-902B-18C6457CA8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{30B31025-DF1A-4952-B226-F8EE3B6CDE3B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{392A386E-36BA-42C3-AE4A-99F6D9C0C0B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{400A809F-69C9-44A4-AB30-BA8D28C3FED3}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{41F80F70-C049-425B-AF56-20D4A48BEEE4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{464F8459-3906-4F68-8B86-AABE7E857833}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{46914360-EA41-44F7-BAB1-1870DF75FAC4}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{48AAE38F-0D22-49C8-A494-328BC7A6AD03}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{497CAE52-D0A8-49B3-AC29-A7371BC6F00E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4DE2564F-B295-4EA0-BB1C-B8342DBF67CA}" = protocol=17 | dir=in | app=d:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{4E7938E8-5BF2-4D28-9ED2-7F0EF95B7432}" = protocol=17 | dir=in | app=d:\program files (x86)\vuze\azureus.exe | 
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{51B98E8A-3BD5-46A0-8344-D8E9D2E32EEA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{549CCD82-E655-4E00-8D39-EED18B85101A}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{57DBC786-7055-4189-BC95-297EDCD8D2AC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5AB110E5-72BF-48D7-B110-53E693DF19AC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{5C1FA3EB-1428-4138-BE04-FD2F6611AC8A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{612AB4EE-345A-4C27-B2D2-75B8059E9389}" = protocol=17 | dir=in | app=d:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{68E507A1-918E-4064-BC61-4E908A17296B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{6C6CBC86-983C-4BB6-B48D-5BFA37503B8F}" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6F4C6871-2A98-426F-B99F-7AF8F0151E29}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{80A23281-5625-4C06-8AF1-6418ED1AF419}" = protocol=17 | dir=in | app=d:\program files (x86)\setup_a1wlanassistent.exe | 
"{81F4818F-7311-40CE-932A-0376F8FB0ECE}" = protocol=6 | dir=in | app=d:\program files (x86)\vuze\azureus.exe | 
"{8CFFE780-7413-4E9A-8E56-DD22A04AF1FD}" = protocol=17 | dir=in | app=d:\program files (x86)\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{8E41FBFF-6FFD-44C5-8E10-14E66A58C30E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8FD02ADF-CC21-48FE-B3B1-7E80DFDD64EB}" = protocol=17 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{99B282C5-BEA0-4BE2-A85B-844BAF5A3D72}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{9B5FBF50-91F4-49E6-A39A-48404FA9BB74}" = protocol=6 | dir=in | app=d:\program files (x86)\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{9C543699-E18A-4344-84A1-197B024E5CAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A07FE4C5-EE99-4F2F-8450-E5E524D1904C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{A887B61B-FF35-4293-B2F4-EB8C225C8723}" = protocol=6 | dir=in | app=d:\program files (x86)\setup_a1wlanassistent.exe | 
"{AA287448-2D08-49D9-B38A-F715D161910E}" = protocol=17 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{B86EA36D-5F7C-45EC-84AA-41153B5C4049}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{BC8D7977-C5A3-4955-8EB8-9E18C1C75E53}" = protocol=17 | dir=in | app=d:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | 
"{C03AB7F7-0E51-4264-B06E-E50AA868DCD2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{C31812F0-3C83-4F30-8972-DDDFA4D16696}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{C95CD6C7-69B6-4CD1-8378-8E2FA34F7C03}" = protocol=6 | dir=in | app=d:\program files (x86)\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{CDA59321-07D8-4555-9B44-3AF4425384DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D4385D45-7EC7-44F0-BB13-D536D2955A44}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DAC437D9-E91D-4715-9430-88E583BEC054}" = protocol=6 | dir=in | app=d:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{DC0D96AD-B667-40B9-8358-780AC6E31C30}" = protocol=6 | dir=in | app=d:\program files (x86)\combat arms eu\nmservice.exe | 
"{DEC86AD6-F914-4EE8-997B-72DA0BD1D4A7}" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E0FB538F-77B5-43AC-BF78-2B0C894AA3A4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{E4F7DDF1-5ACB-4CBA-A8EF-EF9681E7AD12}" = protocol=6 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{F1D27B96-557E-44D1-A7E8-F6D52B7C2B6D}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{F4A49B80-DE21-401A-80EE-C67C85C3021C}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{F60D8A73-F275-4650-A65A-E32EE9136094}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F72CE0F1-1EF3-471C-AC21-6EF12A6BBF34}" = protocol=17 | dir=in | app=d:\program files (x86)\setup_a1wlanassistent.exe | 
"{F888F964-F8BC-4788-8D9D-E1463AA0A41D}" = protocol=6 | dir=in | app=d:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | 
"{FA95C8DE-4F35-401B-9F83-EAE39E51C45B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FE03BD60-76E1-4F3D-9115-F00B50189372}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{3005665F-D192-4359-96F8-A49204287B60}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{41882DFE-477D-4D47-AF99-1BEC330E88AF}D:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{5EF8FB9F-D27E-402A-BB76-7F637B9EC0B9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{FCAC0533-2954-4B4A-8E13-C1CF85376FCF}D:\program files (x86)\steam\steamapps\mikeyboy313\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\mikeyboy313\team fortress 2\hl2.exe | 
"UDP Query User{07B34BEE-03E2-4062-8A53-47AE2FD1D411}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{3EE7B6EC-8C35-45E7-BD68-85D04956A6D4}D:\program files (x86)\steam\steamapps\mikeyboy313\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\mikeyboy313\team fortress 2\hl2.exe | 
"UDP Query User{B862D900-7132-4161-B030-3D12989A998A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{C417DD1B-C549-4C23-85B0-08E3B6D1FDBE}D:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D9A78F1-FDC7-45D8-8145-B6462CA82240}" = Mathcad Prime 2.0
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety
"{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows Live Family Safety
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9cc89170-000b-457d-91f1-53691f85b224}" = Python 2.6.1 (64-bit)
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FD67869B-C97B-4F2C-AD80-ABF130238441}" = Oracle VM VirtualBox 4.1.16
"Elantech" = ETDWare PS/2-X64 8.0.5.3_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"ProInst" = Intel PROSet Wireless
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{434D0FA0-AB8C-497F-B30A-7A1000038201}" = DiRT 3
"{44653096-3E44-402E-B68E-37D77240BFA8}" = Accelrys Draw 4.1
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89E0B0D4-DFC3-49B9-8E88-F1B801325C8A}" = Emergency 3
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76D478-1033-0000-3478-000000000004}" = Mathcad PDSi viewable support
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B92DC48F-98BC-41C9-8C64-014DFD058708}" = Der finstere Dschungel
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Wegberg-Modifikation-5-0}_is1" = Feuer- und Notfallsimulation Wegberg Version 5.0
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aonUpdate" = aonUpdate
"ArmA 2" = ArmA 2 Free Uninstall
"ASIO4ALL" = ASIO4ALL
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Audacity_is1" = Audacity 1.2.6
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"Bookworm Deluxe" = Bookworm Deluxe
"Bridge Building Game" = Bridge Building Game
"Clonk Rage" = Clonk Rage
"Cooking Dash" = Cooking Dash
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FL Studio 10" = FL Studio 10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"FreeHideIP" = Free Hide IP
"Governor of Poker" = Governor of Poker
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"IL Download Manager" = IL Download Manager
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Jewel Quest 3" = Jewel Quest 3
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mathcad PDSi viewable support" = Mathcad PDSi viewable support
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"Plants vs Zombies" = Plants vs Zombies
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Rigs of Rods 0.38.67" = Rigs of Rods 0.38.67
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 440" = Team Fortress 2
"Steam App 50130" = Mafia II
"Steam App 520" = Team Fortress 2 Beta
"Super Mario World Flash" = Super Mario World Flash
"TmNationsForever_is1" = TmNationsForever
"Update Engine" = Sony Ericsson Update Engine
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1167183996-2461493483-177166186-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GeoGebra 4" = GeoGebra 4
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.06.2012 15:48:23 | Computer Name = Michaels_Laptop | Source = Application Hang | ID = 1002
Description = Programm mafia2.exe, Version 1.0.0.1 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 16b0    Startzeit:
 01cd480a212e6c34    Endzeit: 30    Anwendungspfad: d:\program files (x86)\steam\steamapps\common\mafia
 ii\pc\mafia2.exe    Berichts-ID: 68a6a8bc-b3fd-11e1-8da7-5404a637bdc5  
 
Error - 12.06.2012 02:30:14 | Computer Name = Michaels_Laptop | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1330    Startzeit:
 01cd4864a9ef1d47    Endzeit: 0    Anwendungspfad: D:\Program Files (x86)\Steam\Steam.exe

Berichts-ID:
 0f543352-b458-11e1-8f77-5404a637bdc5  
 
Error - 12.06.2012 05:46:33 | Computer Name = Michaels_Laptop | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word konnte zuletzt nicht
 korrekt gestartet werden. Das Starten von Word im abgesicherten Modus hilft Ihnen,
 ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich
 starten können. Einige Funktionen können in diesem Modus deaktiviert sein.  Möchten
 Sie Word im abgesicherten Modus starten?.
 
Error - 12.06.2012 07:23:09 | Computer Name = Michaels_Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: The server name or address could not be resolved  
 
Error - 12.06.2012 09:15:41 | Computer Name = Michaels_Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: The server name or address could not be resolved  
 
Error - 12.06.2012 14:58:04 | Computer Name = Michaels_Laptop | Source = Application Hang | ID = 1002
Description = Programm shutdown.exe, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 2074    Startzeit: 01cd48cd31d340f4    Endzeit: 0    Anwendungspfad: 
C:\Windows\system32\shutdown.exe    Berichts-ID: 8886e112-b4c0-11e1-a8b4-5404a637bdc5

 
Error - 13.06.2012 02:07:22 | Computer Name = Michael_Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: The server name or address could not be resolved  
 
Error - 13.06.2012 03:16:38 | Computer Name = Michael_Laptop | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1224    Startzeit: 01cd49296b5ea0e7    Endzeit: 2808    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID: a9ade6d9-b527-11e1-9842-bf4c91ede4a6  
 
Error - 13.06.2012 04:12:02 | Computer Name = Michael_Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: The server name or address could not be resolved  
 
Error - 13.06.2012 07:09:59 | Computer Name = Michael_Laptop | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: The server name or address could not be resolved  
 
[ System Events ]
Error - 13.10.2012 10:46:34 | Computer Name = Michael_Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 13.10.2012 10:46:34 | Computer Name = Michael_Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 13.10.2012 10:46:34 | Computer Name = Michael_Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.10.2012 11:44:23 | Computer Name = Michael_Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.10.2012 11:47:01 | Computer Name = Michael_Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.10.2012 12:13:23 | Computer Name = Michael_Laptop | Source = BROWSER | ID = 8032
Description = 
 
Error - 13.10.2012 14:28:16 | Computer Name = Michael_Laptop | Source = BROWSER | ID = 8032
Description = 
 
Error - 14.10.2012 14:26:23 | Computer Name = Michael_Laptop | Source = BROWSER | ID = 8032
Description = 
 
Error - 14.10.2012 16:21:22 | Computer Name = Michael_Laptop | Source = BROWSER | ID = 8032
Description = 
 
Error - 15.10.2012 07:27:12 | Computer Name = Michael_Laptop | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         

Alt 15.10.2012, 17:37   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Code:
ATTFilter
"ProxyServer" = 10.1.8.1:3128
         
Was ist denn das für ein Proxy? Bist du mit diesem Rechner in einem Uni- oder Firmennetz?
__________________

__________________

Alt 15.10.2012, 18:02   #18
mike-E-boy
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Hallo,
den Proxy brauche ich für das Schulnetzwerk.
__________________

Alt 15.10.2012, 18:59   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.10.2012, 19:51   #20
mike-E-boy
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Hallo,
das Log vom TDSSKiller:
Code:
ATTFilter
20:47:05.0469 7084  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:47:05.0766 7084  ============================================================
20:47:05.0766 7084  Current date / time: 2012/10/15 20:47:05.0766
20:47:05.0766 7084  SystemInfo:
20:47:05.0766 7084  
20:47:05.0766 7084  OS Version: 6.1.7601 ServicePack: 1.0
20:47:05.0766 7084  Product type: Workstation
20:47:05.0766 7084  ComputerName: MICHAEL_LAPTOP
20:47:05.0766 7084  UserName: Michael
20:47:05.0766 7084  Windows directory: C:\Windows
20:47:05.0766 7084  System windows directory: C:\Windows
20:47:05.0766 7084  Running under WOW64
20:47:05.0766 7084  Processor architecture: Intel x64
20:47:05.0766 7084  Number of processors: 4
20:47:05.0766 7084  Page size: 0x1000
20:47:05.0766 7084  Boot type: Normal boot
20:47:05.0766 7084  ============================================================
20:47:06.0359 7084  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:47:06.0359 7084  ============================================================
20:47:06.0359 7084  \Device\Harddisk0\DR0:
20:47:06.0359 7084  MBR partitions:
20:47:06.0359 7084  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x22EE8800
20:47:06.0359 7084  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x260E9000, BlocksNum 0x3145C800
20:47:06.0359 7084  ============================================================
20:47:06.0390 7084  C: <-> \Device\Harddisk0\DR0\Partition1
20:47:06.0421 7084  D: <-> \Device\Harddisk0\DR0\Partition2
20:47:06.0421 7084  ============================================================
20:47:06.0421 7084  Initialize success
20:47:06.0421 7084  ============================================================
20:48:13.0844 5428  ============================================================
20:48:13.0844 5428  Scan started
20:48:13.0844 5428  Mode: Manual; SigCheck; TDLFS; 
20:48:13.0844 5428  ============================================================
20:48:16.0294 5428  ================ Scan system memory ========================
20:48:16.0294 5428  System memory - ok
20:48:16.0294 5428  ================ Scan services =============================
20:48:16.0528 5428  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:48:16.0684 5428  1394ohci - ok
20:48:16.0746 5428  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:48:16.0777 5428  ACPI - ok
20:48:16.0808 5428  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:48:16.0918 5428  AcpiPmi - ok
20:48:17.0042 5428  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:48:17.0058 5428  AdobeARMservice - ok
20:48:17.0120 5428  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:48:17.0167 5428  adp94xx - ok
20:48:17.0183 5428  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:48:17.0198 5428  adpahci - ok
20:48:17.0230 5428  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:48:17.0245 5428  adpu320 - ok
20:48:17.0261 5428  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:48:17.0479 5428  AeLookupSvc - ok
20:48:17.0557 5428  [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent        C:\Windows\system32\FBAgent.exe
20:48:17.0588 5428  AFBAgent - ok
20:48:17.0682 5428  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:48:17.0791 5428  AFD - ok
20:48:17.0854 5428  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:48:17.0869 5428  agp440 - ok
20:48:17.0916 5428  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:48:17.0963 5428  ALG - ok
20:48:17.0994 5428  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:48:18.0010 5428  aliide - ok
20:48:18.0025 5428  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:48:18.0056 5428  amdide - ok
20:48:18.0072 5428  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:48:18.0119 5428  AmdK8 - ok
20:48:18.0150 5428  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:48:18.0181 5428  AmdPPM - ok
20:48:18.0228 5428  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:48:18.0244 5428  amdsata - ok
20:48:18.0275 5428  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:48:18.0275 5428  amdsbs - ok
20:48:18.0306 5428  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:48:18.0322 5428  amdxata - ok
20:48:18.0353 5428  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:48:18.0602 5428  AppID - ok
20:48:18.0649 5428  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:48:18.0696 5428  AppIDSvc - ok
20:48:18.0743 5428  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:48:18.0836 5428  Appinfo - ok
20:48:18.0883 5428  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
20:48:18.0914 5428  arc - ok
20:48:18.0946 5428  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:48:18.0961 5428  arcsas - ok
20:48:19.0055 5428  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
20:48:19.0086 5428  ASLDRService - ok
20:48:19.0102 5428  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
20:48:19.0117 5428  ASMMAP64 - ok
20:48:19.0164 5428  [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
20:48:19.0242 5428  asmthub3 - ok
20:48:19.0289 5428  [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
20:48:19.0351 5428  asmtxhci - ok
20:48:19.0523 5428  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:48:19.0538 5428  aspnet_state - ok
20:48:19.0585 5428  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:48:19.0663 5428  AsyncMac - ok
20:48:19.0710 5428  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:48:19.0741 5428  atapi - ok
20:48:19.0788 5428  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:48:19.0897 5428  athr - ok
20:48:19.0928 5428  [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
20:48:19.0960 5428  ATKGFNEXSrv - ok
20:48:20.0038 5428  [ AC31727F9946E9009480708E4D1B9986 ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
20:48:20.0053 5428  ATKWMIACPIIO - ok
20:48:20.0131 5428  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:48:20.0240 5428  AudioEndpointBuilder - ok
20:48:20.0303 5428  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:48:20.0350 5428  AudioSrv - ok
20:48:20.0381 5428  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:48:20.0474 5428  AxInstSV - ok
20:48:20.0537 5428  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:48:20.0646 5428  b06bdrv - ok
20:48:20.0708 5428  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:48:20.0771 5428  b57nd60a - ok
20:48:20.0849 5428  [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:48:20.0880 5428  BBSvc - ok
20:48:20.0927 5428  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:48:20.0989 5428  BDESVC - ok
20:48:21.0020 5428  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:48:21.0114 5428  Beep - ok
20:48:21.0145 5428  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:48:21.0208 5428  BFE - ok
20:48:21.0395 5428  [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
20:48:21.0488 5428  BHDrvx64 - ok
20:48:21.0535 5428  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:48:21.0644 5428  BITS - ok
20:48:21.0676 5428  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:48:21.0722 5428  blbdrive - ok
20:48:21.0769 5428  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:48:21.0832 5428  bowser - ok
20:48:21.0863 5428  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:48:21.0956 5428  BrFiltLo - ok
20:48:21.0972 5428  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:48:22.0003 5428  BrFiltUp - ok
20:48:22.0034 5428  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:48:22.0097 5428  Browser - ok
20:48:22.0112 5428  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:48:22.0159 5428  Brserid - ok
20:48:22.0175 5428  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:48:22.0206 5428  BrSerWdm - ok
20:48:22.0222 5428  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:48:22.0268 5428  BrUsbMdm - ok
20:48:22.0284 5428  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:48:22.0300 5428  BrUsbSer - ok
20:48:22.0346 5428  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:48:22.0456 5428  BthEnum - ok
20:48:22.0502 5428  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:48:22.0549 5428  BTHMODEM - ok
20:48:22.0565 5428  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:48:22.0612 5428  BthPan - ok
20:48:22.0674 5428  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
20:48:22.0799 5428  BTHPORT - ok
20:48:22.0846 5428  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:48:22.0924 5428  bthserv - ok
20:48:22.0939 5428  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:48:22.0955 5428  BTHUSB - ok
20:48:23.0033 5428  [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
20:48:23.0064 5428  ccSet_NIS - ok
20:48:23.0111 5428  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:48:23.0189 5428  cdfs - ok
20:48:23.0220 5428  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:48:23.0267 5428  cdrom - ok
20:48:23.0298 5428  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:48:23.0345 5428  CertPropSvc - ok
20:48:23.0392 5428  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
20:48:23.0407 5428  circlass - ok
20:48:23.0438 5428  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:48:23.0454 5428  CLFS - ok
20:48:23.0532 5428  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:48:23.0563 5428  clr_optimization_v2.0.50727_32 - ok
20:48:23.0610 5428  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:48:23.0641 5428  clr_optimization_v2.0.50727_64 - ok
20:48:23.0719 5428  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:48:23.0782 5428  clr_optimization_v4.0.30319_32 - ok
20:48:23.0797 5428  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:48:23.0813 5428  clr_optimization_v4.0.30319_64 - ok
20:48:23.0844 5428  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:48:23.0875 5428  CmBatt - ok
20:48:23.0891 5428  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:48:23.0906 5428  cmdide - ok
20:48:23.0953 5428  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:48:24.0016 5428  CNG - ok
20:48:24.0031 5428  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:48:24.0062 5428  Compbatt - ok
20:48:24.0078 5428  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:48:24.0125 5428  CompositeBus - ok
20:48:24.0140 5428  COMSysApp - ok
20:48:24.0156 5428  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:48:24.0172 5428  crcdisk - ok
20:48:24.0218 5428  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:48:24.0296 5428  CryptSvc - ok
20:48:24.0421 5428  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:48:24.0484 5428  cvhsvc - ok
20:48:24.0515 5428  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:48:24.0562 5428  DcomLaunch - ok
20:48:24.0593 5428  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:48:24.0702 5428  defragsvc - ok
20:48:24.0718 5428  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:48:24.0764 5428  DfsC - ok
20:48:24.0811 5428  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:48:24.0889 5428  Dhcp - ok
20:48:24.0905 5428  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:48:24.0983 5428  discache - ok
20:48:25.0030 5428  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
20:48:25.0061 5428  Disk - ok
20:48:25.0092 5428  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:48:25.0139 5428  Dnscache - ok
20:48:25.0170 5428  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:48:25.0264 5428  dot3svc - ok
20:48:25.0279 5428  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:48:25.0326 5428  DPS - ok
20:48:25.0357 5428  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:48:25.0420 5428  drmkaud - ok
20:48:25.0466 5428  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:48:25.0498 5428  dtsoftbus01 - ok
20:48:25.0529 5428  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:48:25.0560 5428  DXGKrnl - ok
20:48:25.0560 5428  EagleX64 - ok
20:48:25.0591 5428  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:48:25.0638 5428  EapHost - ok
20:48:25.0732 5428  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:48:25.0825 5428  ebdrv - ok
20:48:25.0888 5428  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:48:25.0934 5428  eeCtrl - ok
20:48:25.0981 5428  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:48:26.0044 5428  EFS - ok
20:48:26.0122 5428  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:48:26.0231 5428  ehRecvr - ok
20:48:26.0246 5428  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:48:26.0293 5428  ehSched - ok
20:48:26.0356 5428  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:48:26.0371 5428  elxstor - ok
20:48:26.0402 5428  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:48:26.0402 5428  EraserUtilRebootDrv - ok
20:48:26.0418 5428  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:48:26.0434 5428  ErrDev - ok
20:48:26.0496 5428  [ 871AB1BFA00ECA5DFDE99D6EECE1BFD4 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
20:48:26.0496 5428  ETD - ok
20:48:26.0527 5428  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:48:26.0574 5428  EventSystem - ok
20:48:26.0699 5428  [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:48:26.0777 5428  EvtEng - ok
20:48:26.0808 5428  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:48:26.0839 5428  exfat - ok
20:48:26.0870 5428  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:48:26.0948 5428  fastfat - ok
20:48:26.0995 5428  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:48:27.0058 5428  Fax - ok
20:48:27.0073 5428  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
20:48:27.0120 5428  fdc - ok
20:48:27.0136 5428  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:48:27.0167 5428  fdPHost - ok
20:48:27.0198 5428  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:48:27.0245 5428  FDResPub - ok
20:48:27.0276 5428  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:48:27.0276 5428  FileInfo - ok
20:48:27.0292 5428  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:48:27.0354 5428  Filetrace - ok
20:48:27.0370 5428  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:48:27.0401 5428  flpydisk - ok
20:48:27.0416 5428  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:48:27.0432 5428  FltMgr - ok
20:48:27.0463 5428  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:48:27.0557 5428  FontCache - ok
20:48:27.0604 5428  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:48:27.0635 5428  FontCache3.0.0.0 - ok
20:48:27.0650 5428  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:48:27.0666 5428  FsDepends - ok
20:48:27.0713 5428  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
20:48:27.0728 5428  fssfltr - ok
20:48:27.0806 5428  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:48:27.0900 5428  fsssvc - ok
20:48:27.0931 5428  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:48:27.0947 5428  Fs_Rec - ok
20:48:27.0978 5428  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:48:27.0994 5428  fvevol - ok
20:48:28.0009 5428  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:48:28.0025 5428  gagp30kx - ok
20:48:28.0056 5428  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:48:28.0103 5428  gpsvc - ok
20:48:28.0212 5428  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:48:28.0243 5428  gupdate - ok
20:48:28.0259 5428  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:48:28.0259 5428  gupdatem - ok
20:48:28.0337 5428  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:48:28.0352 5428  gusvc - ok
20:48:28.0399 5428  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:48:28.0446 5428  hcw85cir - ok
20:48:28.0477 5428  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:48:28.0508 5428  HdAudAddService - ok
20:48:28.0555 5428  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:48:28.0586 5428  HDAudBus - ok
20:48:28.0586 5428  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:48:28.0618 5428  HidBatt - ok
20:48:28.0618 5428  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:48:28.0633 5428  HidBth - ok
20:48:28.0649 5428  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:48:28.0664 5428  HidIr - ok
20:48:28.0696 5428  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:48:28.0758 5428  hidserv - ok
20:48:28.0805 5428  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:48:28.0836 5428  HidUsb - ok
20:48:28.0867 5428  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:48:28.0961 5428  hkmsvc - ok
20:48:28.0976 5428  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:48:29.0008 5428  HomeGroupListener - ok
20:48:29.0039 5428  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:48:29.0070 5428  HomeGroupProvider - ok
20:48:29.0086 5428  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:48:29.0101 5428  HpSAMD - ok
20:48:29.0132 5428  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:48:29.0179 5428  HTTP - ok
20:48:29.0226 5428  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:48:29.0242 5428  hwpolicy - ok
20:48:29.0273 5428  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:48:29.0304 5428  i8042prt - ok
20:48:29.0351 5428  [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:48:29.0366 5428  iaStor - ok
20:48:29.0413 5428  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:48:29.0460 5428  iaStorV - ok
20:48:29.0554 5428  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:48:29.0585 5428  IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:48:29.0585 5428  IDriverT - detected UnsignedFile.Multi.Generic (1)
20:48:29.0663 5428  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:48:29.0741 5428  idsvc - ok
20:48:29.0819 5428  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121012.001\IDSvia64.sys
20:48:29.0834 5428  IDSVia64 - ok
20:48:30.0068 5428  [ EFE5A0AF39A8E179624117C521F1E012 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:48:30.0412 5428  igfx - ok
20:48:30.0443 5428  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:48:30.0458 5428  iirsp - ok
20:48:30.0505 5428  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:48:30.0583 5428  IKEEXT - ok
20:48:30.0708 5428  [ 9F573C952961F444F400489E81ECA381 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:48:30.0817 5428  IntcAzAudAddService - ok
20:48:30.0864 5428  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
20:48:30.0926 5428  IntcDAud - ok
20:48:30.0958 5428  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:48:30.0989 5428  intelide - ok
20:48:31.0020 5428  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:48:31.0051 5428  intelppm - ok
20:48:31.0082 5428  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:48:31.0145 5428  IPBusEnum - ok
20:48:31.0145 5428  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:48:31.0207 5428  IpFilterDriver - ok
20:48:31.0270 5428  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:48:31.0348 5428  iphlpsvc - ok
20:48:31.0348 5428  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:48:31.0379 5428  IPMIDRV - ok
20:48:31.0379 5428  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:48:31.0426 5428  IPNAT - ok
20:48:31.0457 5428  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:48:31.0535 5428  IRENUM - ok
20:48:31.0550 5428  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:48:31.0550 5428  isapnp - ok
20:48:31.0582 5428  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:48:31.0597 5428  iScsiPrt - ok
20:48:31.0613 5428  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:48:31.0628 5428  kbdclass - ok
20:48:31.0644 5428  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:48:31.0675 5428  kbdhid - ok
20:48:31.0706 5428  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
20:48:31.0722 5428  kbfiltr - ok
20:48:31.0753 5428  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:48:31.0769 5428  KeyIso - ok
20:48:31.0800 5428  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:48:31.0831 5428  KSecDD - ok
20:48:31.0862 5428  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:48:31.0878 5428  KSecPkg - ok
20:48:31.0894 5428  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:48:31.0925 5428  ksthunk - ok
20:48:31.0972 5428  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:48:32.0018 5428  KtmRm - ok
20:48:32.0034 5428  [ 033B4AED2C5519072C0D81E00804D003 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
20:48:32.0065 5428  L1C - ok
20:48:32.0112 5428  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:48:32.0206 5428  LanmanServer - ok
20:48:32.0237 5428  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:48:32.0268 5428  LanmanWorkstation - ok
20:48:32.0393 5428  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:48:32.0424 5428  LBTServ - ok
20:48:32.0440 5428  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:48:32.0455 5428  LHidFilt - ok
20:48:32.0486 5428  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:48:32.0580 5428  lltdio - ok
20:48:32.0611 5428  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:48:32.0689 5428  lltdsvc - ok
20:48:32.0720 5428  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:48:32.0767 5428  lmhosts - ok
20:48:32.0798 5428  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:48:32.0798 5428  LMouFilt - ok
20:48:32.0830 5428  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:48:32.0845 5428  LSI_FC - ok
20:48:32.0845 5428  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:48:32.0861 5428  LSI_SAS - ok
20:48:32.0861 5428  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:48:32.0876 5428  LSI_SAS2 - ok
20:48:32.0876 5428  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:48:32.0876 5428  LSI_SCSI - ok
20:48:32.0892 5428  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:48:32.0939 5428  luafv - ok
20:48:32.0986 5428  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:48:33.0017 5428  Mcx2Svc - ok
20:48:33.0017 5428  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:48:33.0032 5428  megasas - ok
20:48:33.0048 5428  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:48:33.0064 5428  MegaSR - ok
20:48:33.0095 5428  [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
20:48:33.0110 5428  MEIx64 - ok
20:48:33.0110 5428  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:48:33.0157 5428  MMCSS - ok
20:48:33.0173 5428  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:48:33.0204 5428  Modem - ok
20:48:33.0235 5428  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:48:33.0266 5428  monitor - ok
20:48:33.0298 5428  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:48:33.0329 5428  mouclass - ok
20:48:33.0344 5428  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:48:33.0376 5428  mouhid - ok
20:48:33.0391 5428  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:48:33.0407 5428  mountmgr - ok
20:48:33.0485 5428  [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:48:33.0516 5428  MozillaMaintenance - ok
20:48:33.0547 5428  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:48:33.0563 5428  mpio - ok
20:48:33.0563 5428  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:48:33.0610 5428  mpsdrv - ok
20:48:33.0890 5428  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:48:33.0968 5428  MpsSvc - ok
20:48:33.0968 5428  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:48:34.0015 5428  MRxDAV - ok
20:48:34.0031 5428  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:48:34.0140 5428  mrxsmb - ok
20:48:34.0187 5428  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:48:34.0234 5428  mrxsmb10 - ok
20:48:34.0249 5428  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:48:34.0280 5428  mrxsmb20 - ok
20:48:34.0312 5428  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:48:34.0312 5428  msahci - ok
20:48:34.0327 5428  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:48:34.0343 5428  msdsm - ok
20:48:34.0358 5428  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:48:34.0390 5428  MSDTC - ok
20:48:34.0405 5428  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:48:34.0452 5428  Msfs - ok
20:48:34.0468 5428  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:48:34.0514 5428  mshidkmdf - ok
20:48:34.0530 5428  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:48:34.0546 5428  msisadrv - ok
20:48:34.0577 5428  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:48:34.0624 5428  MSiSCSI - ok
20:48:34.0624 5428  msiserver - ok
20:48:34.0655 5428  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:48:34.0686 5428  MSKSSRV - ok
20:48:34.0717 5428  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:48:34.0748 5428  MSPCLOCK - ok
20:48:34.0764 5428  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:48:34.0811 5428  MSPQM - ok
20:48:34.0826 5428  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:48:34.0842 5428  MsRPC - ok
20:48:34.0858 5428  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:48:34.0858 5428  mssmbios - ok
20:48:34.0858 5428  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:48:34.0936 5428  MSTEE - ok
20:48:34.0936 5428  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:48:34.0998 5428  MTConfig - ok
20:48:35.0029 5428  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:48:35.0060 5428  Mup - ok
20:48:35.0107 5428  [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:48:35.0138 5428  MyWiFiDHCPDNS - ok
20:48:35.0170 5428  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:48:35.0248 5428  napagent - ok
20:48:35.0294 5428  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:48:35.0372 5428  NativeWifiP - ok
20:48:35.0466 5428  [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121015.002\ENG64.SYS
20:48:35.0482 5428  NAVENG - ok
20:48:35.0560 5428  [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121015.002\EX64.SYS
20:48:35.0606 5428  NAVEX15 - ok
20:48:35.0653 5428  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:48:35.0700 5428  NDIS - ok
20:48:35.0731 5428  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:48:35.0778 5428  NdisCap - ok
20:48:35.0778 5428  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:48:35.0809 5428  NdisTapi - ok
20:48:35.0825 5428  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:48:35.0887 5428  Ndisuio - ok
20:48:35.0918 5428  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:48:35.0950 5428  NdisWan - ok
20:48:35.0981 5428  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:48:36.0012 5428  NDProxy - ok
20:48:36.0043 5428  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:48:36.0074 5428  NetBIOS - ok
20:48:36.0090 5428  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:48:36.0121 5428  NetBT - ok
20:48:36.0137 5428  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:48:36.0152 5428  Netlogon - ok
20:48:36.0199 5428  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:48:36.0246 5428  Netman - ok
20:48:36.0293 5428  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:36.0340 5428  NetMsmqActivator - ok
20:48:36.0340 5428  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:36.0371 5428  NetPipeActivator - ok
20:48:36.0386 5428  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:48:36.0449 5428  netprofm - ok
20:48:36.0449 5428  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:36.0449 5428  NetTcpActivator - ok
20:48:36.0464 5428  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:48:36.0464 5428  NetTcpPortSharing - ok
20:48:36.0667 5428  [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
20:48:36.0886 5428  NETwNs64 - ok
20:48:36.0917 5428  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:48:36.0948 5428  nfrd960 - ok
20:48:37.0120 5428  [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
20:48:37.0151 5428  NIS - ok
20:48:37.0182 5428  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:48:37.0244 5428  NlaSvc - ok
20:48:37.0260 5428  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:48:37.0291 5428  Npfs - ok
20:48:37.0307 5428  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:48:37.0354 5428  nsi - ok
20:48:37.0369 5428  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:48:37.0416 5428  nsiproxy - ok
20:48:37.0463 5428  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:48:37.0525 5428  Ntfs - ok
20:48:37.0525 5428  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:48:37.0572 5428  Null - ok
20:48:37.0837 5428  [ 07CA1D99512EE5EF99E954A13F3BFFA8 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:48:38.0165 5428  nvlddmkm - ok
20:48:38.0180 5428  [ A8DB9EBD9887A9820DBC1878F0301EE7 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
20:48:38.0180 5428  nvpciflt - ok
20:48:38.0227 5428  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:48:38.0258 5428  nvraid - ok
20:48:38.0290 5428  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:48:38.0305 5428  nvstor - ok
20:48:38.0352 5428  [ 9007A22A1938A9EF81CA5122121ECCD8 ] NVSvc           C:\Windows\system32\nvvsvc.exe
20:48:38.0368 5428  NVSvc - ok
20:48:38.0430 5428  [ 00572C26C6DCF99362068FB7283B7126 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:48:38.0508 5428  nvUpdatusService - ok
20:48:38.0539 5428  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:48:38.0539 5428  nv_agp - ok
20:48:38.0555 5428  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:48:38.0570 5428  ohci1394 - ok
20:48:38.0602 5428  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:48:38.0633 5428  ose - ok
20:48:38.0773 5428  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:48:38.0945 5428  osppsvc - ok
20:48:38.0976 5428  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:48:39.0038 5428  p2pimsvc - ok
20:48:39.0070 5428  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:48:39.0116 5428  p2psvc - ok
20:48:39.0148 5428  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
20:48:39.0163 5428  Parport - ok
20:48:39.0194 5428  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:48:39.0226 5428  partmgr - ok
20:48:39.0241 5428  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:48:39.0272 5428  PcaSvc - ok
20:48:39.0304 5428  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:48:39.0319 5428  pci - ok
20:48:39.0335 5428  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:48:39.0350 5428  pciide - ok
20:48:39.0382 5428  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:48:39.0397 5428  pcmcia - ok
20:48:39.0397 5428  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:48:39.0413 5428  pcw - ok
20:48:39.0428 5428  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:48:39.0475 5428  PEAUTH - ok
20:48:39.0584 5428  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:48:39.0616 5428  PerfHost - ok
20:48:39.0678 5428  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:48:39.0772 5428  pla - ok
20:48:39.0803 5428  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:48:39.0834 5428  PlugPlay - ok
20:48:39.0865 5428  PnkBstrA - ok
20:48:39.0881 5428  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:48:39.0896 5428  PNRPAutoReg - ok
20:48:39.0928 5428  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:48:39.0943 5428  PNRPsvc - ok
20:48:39.0959 5428  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:48:40.0006 5428  PolicyAgent - ok
20:48:40.0037 5428  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:48:40.0130 5428  Power - ok
20:48:40.0162 5428  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:48:40.0193 5428  PptpMiniport - ok
20:48:40.0208 5428  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
20:48:40.0224 5428  Processor - ok
20:48:40.0255 5428  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:48:40.0286 5428  ProfSvc - ok
20:48:40.0302 5428  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:48:40.0318 5428  ProtectedStorage - ok
20:48:40.0349 5428  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:48:40.0396 5428  Psched - ok
20:48:40.0474 5428  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:48:40.0567 5428  ql2300 - ok
20:48:40.0567 5428  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:48:40.0583 5428  ql40xx - ok
20:48:40.0614 5428  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:48:40.0630 5428  QWAVE - ok
20:48:40.0630 5428  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:48:40.0661 5428  QWAVEdrv - ok
20:48:40.0676 5428  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:48:40.0708 5428  RasAcd - ok
20:48:40.0739 5428  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:48:40.0817 5428  RasAgileVpn - ok
20:48:40.0832 5428  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:48:40.0879 5428  RasAuto - ok
20:48:40.0910 5428  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:48:40.0973 5428  Rasl2tp - ok
20:48:41.0020 5428  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:48:41.0082 5428  RasMan - ok
20:48:41.0098 5428  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:48:41.0144 5428  RasPppoe - ok
20:48:41.0160 5428  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:48:41.0207 5428  RasSstp - ok
20:48:41.0222 5428  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:48:41.0254 5428  rdbss - ok
20:48:41.0300 5428  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:48:41.0332 5428  rdpbus - ok
20:48:41.0378 5428  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:48:41.0425 5428  RDPCDD - ok
20:48:41.0441 5428  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:48:41.0472 5428  RDPENCDD - ok
20:48:41.0488 5428  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:48:41.0519 5428  RDPREFMP - ok
20:48:41.0566 5428  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:48:41.0628 5428  RDPWD - ok
20:48:41.0675 5428  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:48:41.0706 5428  rdyboost - ok
20:48:41.0784 5428  [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:48:41.0862 5428  RegSrvc - ok
20:48:41.0893 5428  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:48:41.0940 5428  RemoteAccess - ok
20:48:41.0956 5428  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:48:42.0002 5428  RemoteRegistry - ok
20:48:42.0049 5428  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:48:42.0096 5428  RFCOMM - ok
20:48:42.0112 5428  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:48:42.0205 5428  RpcEptMapper - ok
20:48:42.0236 5428  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:48:42.0268 5428  RpcLocator - ok
20:48:42.0299 5428  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:48:42.0330 5428  RpcSs - ok
20:48:42.0346 5428  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:48:42.0377 5428  rspndr - ok
20:48:42.0424 5428  [ E57FAC2CDB73F06586ED2ED310B80932 ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
20:48:42.0455 5428  RSUSBVSTOR - ok
20:48:42.0486 5428  [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:48:42.0502 5428  RTL8167 - ok
20:48:42.0533 5428  [ 032F537623A7B2FB81AAA184C30B70C3 ] s0017bus        C:\Windows\system32\DRIVERS\s0017bus.sys
20:48:42.0548 5428  s0017bus - ok
20:48:42.0564 5428  [ 9964A28E569B4FF105B446EF8978FD5C ] s0017mdfl       C:\Windows\system32\DRIVERS\s0017mdfl.sys
20:48:42.0564 5428  s0017mdfl - ok
20:48:42.0580 5428  [ 06347087D274C23DCFA8C4AB5C4314DB ] s0017mdm        C:\Windows\system32\DRIVERS\s0017mdm.sys
20:48:42.0595 5428  s0017mdm - ok
20:48:42.0611 5428  [ F0F0747B3FA50272DE6B1BF575FA4700 ] s0017mgmt       C:\Windows\system32\DRIVERS\s0017mgmt.sys
20:48:42.0626 5428  s0017mgmt - ok
20:48:42.0642 5428  [ 7224412CEA2FF2DF7D4842C1B0E71045 ] s0017nd5        C:\Windows\system32\DRIVERS\s0017nd5.sys
20:48:42.0658 5428  s0017nd5 - ok
20:48:42.0673 5428  [ 3FEADBC7F09B8B596CBFB82F12ABA87F ] s0017obex       C:\Windows\system32\DRIVERS\s0017obex.sys
20:48:42.0673 5428  s0017obex - ok
20:48:42.0704 5428  [ 2B63BEA31D939888B2A8F3F14D89B5C1 ] s0017unic       C:\Windows\system32\DRIVERS\s0017unic.sys
20:48:42.0720 5428  s0017unic - ok
20:48:42.0736 5428  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:48:42.0751 5428  SamSs - ok
20:48:42.0782 5428  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:48:42.0782 5428  sbp2port - ok
20:48:42.0814 5428  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:48:42.0845 5428  SCardSvr - ok
20:48:42.0860 5428  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:48:42.0892 5428  scfilter - ok
20:48:42.0923 5428  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:48:42.0970 5428  Schedule - ok
20:48:42.0985 5428  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:48:43.0016 5428  SCPolicySvc - ok
20:48:43.0016 5428  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:48:43.0063 5428  SDRSVC - ok
20:48:43.0126 5428  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:48:43.0157 5428  SeaPort - ok
20:48:43.0188 5428  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:48:43.0250 5428  secdrv - ok
20:48:43.0266 5428  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:48:43.0328 5428  seclogon - ok
20:48:43.0344 5428  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:48:43.0391 5428  SENS - ok
20:48:43.0406 5428  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:48:43.0438 5428  SensrSvc - ok
20:48:43.0484 5428  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:48:43.0531 5428  Serenum - ok
20:48:43.0531 5428  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
20:48:43.0578 5428  Serial - ok
20:48:43.0594 5428  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:48:43.0625 5428  sermouse - ok
20:48:43.0640 5428  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:48:43.0687 5428  SessionEnv - ok
20:48:43.0703 5428  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:48:43.0734 5428  sffdisk - ok
20:48:43.0734 5428  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:48:43.0765 5428  sffp_mmc - ok
20:48:43.0765 5428  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:48:43.0796 5428  sffp_sd - ok
20:48:43.0812 5428  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:48:43.0859 5428  sfloppy - ok
20:48:43.0937 5428  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
20:48:43.0984 5428  Sftfs - ok
20:48:44.0062 5428  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:48:44.0093 5428  sftlist - ok
20:48:44.0108 5428  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:48:44.0124 5428  Sftplay - ok
20:48:44.0140 5428  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:48:44.0140 5428  Sftredir - ok
20:48:44.0155 5428  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
20:48:44.0171 5428  Sftvol - ok
20:48:44.0171 5428  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:48:44.0186 5428  sftvsa - ok
20:48:44.0218 5428  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:48:44.0264 5428  SharedAccess - ok
20:48:44.0311 5428  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:48:44.0389 5428  ShellHWDetection - ok
20:48:44.0436 5428  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
20:48:44.0483 5428  SiSGbeLH - ok
20:48:44.0514 5428  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:48:44.0530 5428  SiSRaid2 - ok
20:48:44.0530 5428  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:48:44.0545 5428  SiSRaid4 - ok
20:48:44.0670 5428  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:48:44.0701 5428  SkypeUpdate - ok
20:48:44.0717 5428  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:48:44.0764 5428  Smb - ok
20:48:44.0795 5428  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:48:44.0826 5428  SNMPTRAP - ok
20:48:44.0842 5428  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:48:44.0857 5428  spldr - ok
20:48:44.0888 5428  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:48:44.0935 5428  Spooler - ok
20:48:45.0013 5428  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:48:45.0169 5428  sppsvc - ok
20:48:45.0185 5428  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:48:45.0232 5428  sppuinotify - ok
20:48:45.0325 5428  [ 891793E00432FA055CF040605C260E49 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS
20:48:45.0388 5428  SRTSP - ok
20:48:45.0466 5428  [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX          C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
20:48:45.0481 5428  SRTSPX - ok
20:48:45.0512 5428  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:48:45.0590 5428  srv - ok
20:48:45.0606 5428  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:48:45.0637 5428  srv2 - ok
20:48:45.0653 5428  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:48:45.0684 5428  srvnet - ok
20:48:45.0731 5428  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:48:45.0778 5428  SSDPSRV - ok
20:48:45.0793 5428  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:48:45.0856 5428  SstpSvc - ok
20:48:45.0871 5428  Steam Client Service - ok
20:48:45.0902 5428  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:48:45.0902 5428  stexstor - ok
20:48:45.0949 5428  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:48:45.0996 5428  stisvc - ok
20:48:46.0012 5428  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:48:46.0012 5428  swenum - ok
20:48:46.0043 5428  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:48:46.0090 5428  swprv - ok
20:48:46.0121 5428  [ 8B2430762099598DA40686F754632EFD ] SymDS           C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
20:48:46.0136 5428  SymDS - ok
20:48:46.0199 5428  [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA          C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
20:48:46.0277 5428  SymEFA - ok
20:48:46.0308 5428  [ 894579207E39C465737E850A252CE4F2 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:48:46.0308 5428  SymEvent - ok
20:48:46.0339 5428  [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON         C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
20:48:46.0355 5428  SymIRON - ok
20:48:46.0402 5428  [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS         C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS
20:48:46.0417 5428  SymNetS - ok
20:48:46.0480 5428  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:48:46.0542 5428  SysMain - ok
20:48:46.0558 5428  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:48:46.0589 5428  TabletInputService - ok
20:48:46.0589 5428  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:48:46.0651 5428  TapiSrv - ok
20:48:46.0682 5428  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:48:46.0714 5428  TBS - ok
20:48:46.0760 5428  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:48:46.0823 5428  Tcpip - ok
20:48:46.0838 5428  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:48:46.0870 5428  TCPIP6 - ok
20:48:46.0885 5428  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:48:46.0932 5428  tcpipreg - ok
20:48:46.0948 5428  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:48:46.0963 5428  TDPIPE - ok
20:48:46.0994 5428  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:48:47.0026 5428  TDTCP - ok
20:48:47.0041 5428  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:48:47.0072 5428  tdx - ok
20:48:47.0088 5428  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:48:47.0104 5428  TermDD - ok
20:48:47.0135 5428  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:48:47.0182 5428  TermService - ok
20:48:47.0182 5428  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:48:47.0213 5428  Themes - ok
20:48:47.0244 5428  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:48:47.0275 5428  THREADORDER - ok
20:48:47.0291 5428  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:48:47.0353 5428  TrkWks - ok
20:48:47.0400 5428  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:48:47.0525 5428  TrustedInstaller - ok
20:48:47.0556 5428  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:48:47.0618 5428  tssecsrv - ok
20:48:47.0634 5428  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:48:47.0696 5428  TsUsbFlt - ok
20:48:47.0696 5428  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:48:47.0728 5428  TsUsbGD - ok
20:48:47.0759 5428  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:48:47.0821 5428  tunnel - ok
20:48:47.0852 5428  [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
20:48:47.0852 5428  TurboB - ok
20:48:47.0930 5428  [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:48:47.0962 5428  TurboBoost - ok
20:48:47.0962 5428  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:48:47.0977 5428  uagp35 - ok
20:48:48.0008 5428  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:48:48.0071 5428  udfs - ok
20:48:48.0102 5428  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:48:48.0133 5428  UI0Detect - ok
20:48:48.0180 5428  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:48:48.0211 5428  uliagpkx - ok
20:48:48.0242 5428  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:48:48.0258 5428  umbus - ok
20:48:48.0289 5428  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:48:48.0320 5428  UmPass - ok
20:48:48.0352 5428  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:48:48.0414 5428  upnphost - ok
20:48:48.0461 5428  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:48:48.0523 5428  usbccgp - ok
20:48:48.0554 5428  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:48:48.0617 5428  usbcir - ok
20:48:48.0648 5428  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:48:48.0664 5428  usbehci - ok
20:48:48.0695 5428  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:48:48.0726 5428  usbhub - ok
20:48:48.0742 5428  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:48:48.0757 5428  usbohci - ok
20:48:48.0757 5428  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:48:48.0804 5428  usbprint - ok
20:48:48.0820 5428  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:48:48.0882 5428  USBSTOR - ok
20:48:48.0913 5428  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:48:48.0960 5428  usbuhci - ok
20:48:49.0007 5428  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:48:49.0022 5428  usbvideo - ok
20:48:49.0054 5428  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:48:49.0100 5428  UxSms - ok
20:48:49.0116 5428  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:48:49.0132 5428  VaultSvc - ok
20:48:49.0194 5428  [ BA20A718E25228B9D69D72E4F19EDEB5 ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
20:48:49.0225 5428  VBoxDrv - ok
20:48:49.0288 5428  [ 48630B4530C80AAF3DDE9633E4291D8C ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
20:48:49.0303 5428  VBoxNetAdp - ok
20:48:49.0350 5428  [ 8B86A00D13E2DCBFE320061F3435FAFF ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
20:48:49.0381 5428  VBoxNetFlt - ok
20:48:49.0428 5428  [ CEC73CEA22B7258C0A8F2354DC49D25C ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
20:48:49.0444 5428  VBoxUSBMon - ok
20:48:49.0459 5428  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:48:49.0475 5428  vdrvroot - ok
20:48:49.0506 5428  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:48:49.0553 5428  vds - ok
20:48:49.0568 5428  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:48:49.0584 5428  vga - ok
20:48:49.0600 5428  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:48:49.0631 5428  VgaSave - ok
20:48:49.0631 5428  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:48:49.0646 5428  vhdmp - ok
20:48:49.0646 5428  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:48:49.0646 5428  viaide - ok
20:48:49.0678 5428  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:48:49.0678 5428  volmgr - ok
20:48:49.0693 5428  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:48:49.0693 5428  volmgrx - ok
20:48:49.0724 5428  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:48:49.0740 5428  volsnap - ok
20:48:49.0771 5428  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:48:49.0787 5428  vsmraid - ok
20:48:49.0849 5428  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:48:49.0974 5428  VSS - ok
20:48:49.0990 5428  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:48:50.0021 5428  vwifibus - ok
20:48:50.0036 5428  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:48:50.0068 5428  vwififlt - ok
20:48:50.0099 5428  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:48:50.0146 5428  vwifimp - ok
20:48:50.0192 5428  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:48:50.0270 5428  W32Time - ok
20:48:50.0286 5428  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:48:50.0333 5428  WacomPen - ok
20:48:50.0364 5428  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:48:50.0426 5428  WANARP - ok
20:48:50.0442 5428  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:48:50.0458 5428  Wanarpv6 - ok
20:48:50.0536 5428  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:48:50.0598 5428  WatAdminSvc - ok
20:48:50.0660 5428  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:48:50.0754 5428  wbengine - ok
20:48:50.0754 5428  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:48:50.0785 5428  WbioSrvc - ok
20:48:50.0785 5428  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:48:50.0832 5428  wcncsvc - ok
20:48:50.0848 5428  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:48:50.0894 5428  WcsPlugInService - ok
20:48:50.0926 5428  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
20:48:50.0941 5428  Wd - ok
20:48:50.0957 5428  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:48:50.0988 5428  Wdf01000 - ok
20:48:51.0019 5428  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:48:51.0175 5428  WdiServiceHost - ok
20:48:51.0175 5428  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:48:51.0206 5428  WdiSystemHost - ok
20:48:51.0222 5428  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:48:51.0253 5428  WebClient - ok
20:48:51.0253 5428  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:48:51.0300 5428  Wecsvc - ok
20:48:51.0316 5428  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:48:51.0347 5428  wercplsupport - ok
20:48:51.0378 5428  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:48:51.0425 5428  WerSvc - ok
20:48:51.0440 5428  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:48:51.0472 5428  WfpLwf - ok
20:48:51.0534 5428  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
20:48:51.0581 5428  WimFltr - ok
20:48:51.0596 5428  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:48:51.0612 5428  WIMMount - ok
20:48:51.0628 5428  WinDefend - ok
20:48:51.0643 5428  WinHttpAutoProxySvc - ok
20:48:51.0706 5428  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:48:51.0784 5428  Winmgmt - ok
20:48:51.0862 5428  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:48:51.0971 5428  WinRM - ok
20:48:52.0033 5428  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:48:52.0080 5428  WinUsb - ok
20:48:52.0111 5428  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:48:52.0174 5428  Wlansvc - ok
20:48:52.0205 5428  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:48:52.0220 5428  wlcrasvc - ok
20:48:52.0361 5428  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:48:52.0439 5428  wlidsvc - ok
20:48:52.0470 5428  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:48:52.0501 5428  WmiAcpi - ok
20:48:52.0517 5428  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:48:52.0548 5428  wmiApSrv - ok
20:48:52.0579 5428  WMPNetworkSvc - ok
20:48:52.0595 5428  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:48:52.0642 5428  WPCSvc - ok
20:48:52.0657 5428  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:48:52.0688 5428  WPDBusEnum - ok
20:48:52.0704 5428  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:48:52.0766 5428  ws2ifsl - ok
20:48:52.0782 5428  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:48:52.0813 5428  wscsvc - ok
20:48:52.0813 5428  WSearch - ok
20:48:52.0891 5428  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:48:53.0000 5428  wuauserv - ok
20:48:53.0000 5428  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:48:53.0047 5428  WudfPf - ok
20:48:53.0094 5428  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:48:53.0141 5428  WUDFRd - ok
20:48:53.0172 5428  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:48:53.0234 5428  wudfsvc - ok
20:48:53.0250 5428  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:48:53.0281 5428  WwanSvc - ok
20:48:53.0359 5428  ================ Scan global ===============================
20:48:53.0390 5428  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:48:53.0422 5428  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:48:53.0437 5428  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:48:53.0484 5428  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:48:53.0515 5428  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:48:53.0531 5428  [Global] - ok
20:48:53.0531 5428  ================ Scan MBR ==================================
20:48:53.0546 5428  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:48:54.0077 5428  \Device\Harddisk0\DR0 - ok
20:48:54.0077 5428  ================ Scan VBR ==================================
20:48:54.0077 5428  [ BF59654C36CBDF50B9E7154162CEAD4A ] \Device\Harddisk0\DR0\Partition1
20:48:54.0077 5428  \Device\Harddisk0\DR0\Partition1 - ok
20:48:54.0108 5428  [ B262BD1D32DB63179AA1134682B7239B ] \Device\Harddisk0\DR0\Partition2
20:48:54.0124 5428  \Device\Harddisk0\DR0\Partition2 - ok
20:48:54.0124 5428  ============================================================
20:48:54.0124 5428  Scan finished
20:48:54.0124 5428  ============================================================
20:48:54.0139 2036  Detected object count: 1
20:48:54.0139 2036  Actual detected object count: 1
20:49:06.0510 2036  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:49:06.0510 2036  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 16.10.2012, 10:07   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
--> Österreichischer Polizei Virus

Alt 16.10.2012, 16:21   #22
mike-E-boy
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Hallo,
die ComboFix.txt:
Code:
ATTFilter
ComboFix 12-10-16.02 - Michael 16.10.2012  16:57:44.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.6055.4204 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Roaming
c:\programdata\ssrsc.pad
c:\users\Public\sdelevURL.tmp
c:\windows\iun6002.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\tmp7D69.tmp
c:\windows\SysWow64\tmp7D89.tmp
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NVSvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-16 bis 2012-10-16  ))))))))))))))))))))))))))))))
.
.
2012-10-13 20:51 . 2012-10-13 20:51	--------	d-----w-	c:\program files (x86)\ESET
2012-10-12 21:11 . 2012-10-12 21:11	--------	d-----w-	c:\users\Michael\AppData\Roaming\Malwarebytes
2012-10-12 21:11 . 2012-10-12 21:11	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-12 21:10 . 2012-10-12 21:11	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-12 21:10 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-12 20:52 . 2012-10-12 21:00	--------	d-----w-	c:\users\Michael\AppData\Local\NPE
2012-10-02 06:22 . 2012-10-16 06:00	--------	d-----w-	c:\windows\system32\drivers\NISx64\1309000.009
2012-09-26 13:04 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-26 07:22 . 2012-09-26 07:22	--------	d-----w-	c:\users\Michael\AppData\Roaming\IsolatedStorage
2012-09-26 07:22 . 2012-09-26 07:22	--------	d-----w-	c:\users\Michael\AppData\Roaming\Accelrys
2012-09-25 06:21 . 2012-09-25 06:21	--------	d-----w-	c:\users\Michael\AppData\Local\Axialis
2012-09-23 17:42 . 2012-09-23 17:42	--------	d-----w-	c:\users\Michael\AppData\Local\Macromedia
2012-09-22 20:11 . 2012-09-22 20:11	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-22 20:11 . 2012-09-22 20:11	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-21 19:02 . 2012-09-21 19:02	--------	d-----w-	c:\users\Michael\AppData\Roaming\SynthMaker
2012-09-17 20:52 . 2012-09-17 20:52	--------	d-----w-	c:\users\Michael\AppData\Roaming\XRay Engine
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 15:07 . 2011-12-24 20:20	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-10-05 07:47 . 2011-12-25 12:22	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-09-22 20:11 . 2012-01-03 10:57	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-22 20:11 . 2012-08-03 15:23	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-22 20:11 . 2012-01-03 10:57	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-22 20:11 . 2012-01-03 10:57	188904	----a-w-	c:\windows\system32\java.exe
2012-09-22 20:10 . 2012-03-30 18:54	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-22 20:10 . 2012-01-01 15:34	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 18:12 . 2012-09-12 19:07	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 19:07	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 19:07	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 19:07	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 23:01 . 2012-05-08 18:00	405152	----a-w-	c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-08-20 17:38 . 2012-10-10 18:59	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 19:07	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 19:07	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-07-26 16:37 . 2012-01-05 19:09	298016	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-07-26 16:37 . 2012-01-05 19:06	298016	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-07-25 13:55 . 2012-01-05 19:06	298016	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-07-22 12:33 . 2012-01-05 19:06	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-07-21 21:46 . 2012-07-21 21:58	3130440	----a-w-	c:\windows\SysWow64\pbsvc_blr.exe
2012-07-18 18:15 . 2012-08-15 18:46	3148800	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-10-01 640376]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-25 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-29 283200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121012.001\IDSvia64.sys [2012-09-01 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 08:50]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 08:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"EvtMgr6"="d:\program files (x86)\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 10.1.8.1:3128
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ryzkgqji.default\
FF - prefs.js: browser.startup.homepage - http:/www.google.at
FF - ExtSQL: 2012-08-22 20:29; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ryzkgqji.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-BattlEye A2 Free - d:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-Super Mario World Flash - d:\program files (x86)\Super Mario World Flash\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1167183996-2461493483-177166186-1001\Software\SecuROM\License information*]
"datasecu"=hex:27,12,e3,d2,eb,ae,79,25,40,39,05,f6,54,78,6c,20,e0,cc,c7,fe,5e,
   72,bc,5f,58,c5,14,2d,0b,b1,03,b7,1a,95,72,4f,8b,8f,9a,ca,8c,a6,86,1a,7d,9f,\
"rkeysecu"=hex:b2,c9,d4,f2,4a,e0,30,36,b6,2d,cc,15,3a,7d,91,e9
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-16  17:13:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-16 15:13
.
Vor Suchlauf: 11 Verzeichnis(se), 196.720.881.664 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 198.358.237.184 Bytes frei
.
- - End Of File - - FFD52474B620A1CF700DE9F51B7D2712
         
Der Fehler mit dem Registrierungsschlüssel ist aufgetreten, nach dem Neustart funktioniert es jetzt wieder.

Alt 17.10.2012, 12:42   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.10.2012, 16:26   #24
mike-E-boy
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Hallo,
die Logs von GMER:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-19 16:57:53
Windows 6.1.7601 Service Pack 1 
Running: 3r79lg31.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd507fd5                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd507fd5@10b7f6006bdd         0xBB 0x77 0x31 0xF1 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd507fd5 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd507fd5@10b7f6006bdd             0xBB 0x77 0x31 0xF1 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
osam:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:03:42 on 19.10.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP64" (ASMMAP64) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
"ATKWMIACPI Driver" (ATKWMIACPIIO) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
"BHDrvx64" (BHDrvx64) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"EagleX64" (EagleX64) - ? - C:\Windows\system32\drivers\EagleX64.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"IDSVia64" (IDSVia64) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121018.001\IDSvia64.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121018.021\ENG64.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121018.021\EX64.SYS
"Norton Internet Security Settings Manager" (ccSet_NIS) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NISx64\1309000.009\SYMDS64.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NISx64\1309000.009\SYMEFA64.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
"Symantec Network Security WFP Driver" (SymNetS) - "Symantec Corporation" - C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
"Symantec Real Time Storage Protection (PEL) x64" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
"Symantec Real Time Storage Protection x64" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
Locked "Locked" - ? -   (File not found | COM-object registry key not found)
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
{11111111-1111-1111-1111-110011041198} "RewardsArcade" - ? - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll  (File not found)
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"AsusVibeLauncher.lnk" - ? - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ASUSPRP" - "ASUSTek Computer Inc." - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ASUSWebStorage" - "ecareme" - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
"ATKMEDIA" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
"HControlUser" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
"Nuance PDF Reader-reminder" - "Nuance Communications, Inc." - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
"SonicMasterTray" - "Virage Logic Corporation / Sonic Focus" - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
"UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"Wireless Console 3" - ? - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"AFBAgent" (AFBAgent) - "ASUSTeK Computer Inc." - C:\Windows\system32\FBAgent.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) Turbo Boost Technology Monitor" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Wireless PAN DHCP Server" (MyWiFiDHCPDNS) - ? - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
und aswMBR (die Meldung, dass das Programm nicht mehr funktioniert wurde angezeigt, nach der Auswahl von "None" bei "AV-Scan" hat es aber dann funktioniert.:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-19 17:19:02
-----------------------------
17:19:02.654    OS Version: Windows x64 6.1.7601 Service Pack 1
17:19:02.654    Number of processors: 4 586 0x2A07
17:19:02.654    ComputerName: MICHAEL_LAPTOP  UserName: Michael
17:19:04.004    Initialize success
17:19:10.024    AVAST engine defs: 12101900
17:19:14.444    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:19:14.444    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
17:19:14.474    Disk 0 MBR read successfully
17:19:14.474    Disk 0 MBR scan
17:19:14.484    Disk 0 Windows 7 default MBR code
17:19:14.484    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
17:19:14.504    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       286161 MB offset 52430848
17:19:14.534    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       403641 MB offset 638488576
17:19:14.574    Disk 0 scanning C:\Windows\system32\drivers
17:19:25.394    Service scanning
17:19:53.905    Modules scanning
17:19:53.915    Disk 0 trace - called modules:
17:19:53.965    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
17:19:53.985    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800691e060]
17:19:53.995    3 CLASSPNP.SYS[fffff88000fad43f] -> nt!IofCallDriver -> [0xfffffa80062d6e40]
17:19:54.005    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062da050]
17:19:54.015    Scan finished successfully
17:21:27.869    Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
17:21:27.869    The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
         

Alt 21.10.2012, 10:25   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.10.2012, 18:55   #26
mike-E-boy
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Hallo,
die Logs von Anti-Malware:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.21.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL_LAPTOP [Administrator]

21.10.2012 12:53:30
mbam-log-2012-10-21 (12-53-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 514985
Laufzeit: 2 Stunde(n), 14 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
und SUPERAntispyware:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/21/2012 at 07:51 PM

Application Version : 5.6.1012

Core Rules Database Version : 9446
Trace Rules Database Version: 7258

Scan type       : Complete Scan
Total Scan Time : 02:30:20

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 736
Memory threats detected   : 0
Registry items scanned    : 78510
Registry threats detected : 0
File items scanned        : 276465
File threats detected     : 455

Adware.Tracking Cookie
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@account.norton[1].txt [ /account.norton ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\MN4Q2SFO.txt [ /collective-media.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\V1STCQ2H.txt [ /ad.modellismo.it ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\BL6DTI43.txt [ /mediaplex.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\VYFFVE6O.txt [ /ad.beepworld.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\9NMH1IEG.txt [ /www.googleadservices.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\9U6O0PPG.txt [ /maniapub.trackmania.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\0EEIE6KF.txt [ /maniahome.trackmania.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\M39TWQC9.txt [ /invitemedia.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\G0CQXWS3.txt [ /webmasterplan.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\YDOPTXCJ.txt [ /ads.creative-serving.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\UXCDXTWE.txt [ /tomtailor.dyntracker.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\EUDB5TL4.txt [ /ad.zanox.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\POTN7Y2Q.txt [ /server.adformdsp.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\J94JPB79.txt [ /openstat.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\2HF0CNSD.txt [ /ad.adc-serv.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\ZPD3WOXE.txt [ /ads.net2day.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\RWJOSV28.txt [ /amazon-adsystem.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\NY7ERHHV.txt [ /kontera.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\SLIAUZHT.txt [ /ad.yieldmanager.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\LSB0ABZB.txt [ /doubleclick.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\DF7NN8N2.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\KURUULJD.txt [ /zanox.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\WTFZ0JRQ.txt [ /revsci.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\HV1TIPD6.txt [ /imrworldwide.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\ZN1UG2T9.txt [ /ru4.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\VK28BY8P.txt [ /splash.trackmania.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\DAY831QQ.txt [ /www.googleadservices.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\67VLKGHC.txt [ /ad.360yield.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\VODTAUW0.txt [ /ads2.net2day.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\YF97G5K5.txt [ /im.banner.t-online.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\ST3JE8H0.txt [ /adx.chip.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\NP2Q8SID.txt [ /serving-sys.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\YJ5K41IP.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\5KMKMQSN.txt [ /ad.124-template.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\5P8XYNLV.txt [ /tracker.vinsight.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\OD17Z7D9.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\K3UKPOTW.txt [ /explore.trackmania.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\53090Q7V.txt [ /maniapub.trackmania.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\FFYCE39I.txt [ /www.etracker.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\5DE4BX2O.txt [ /ad.adnet.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\QAO7A2R8.txt [ /ad.ad-srv.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\M92YTIHR.txt [ /maniahome.trackmania.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\H5HB9X2G.txt [ /adtech.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\SIN2DASD.txt [ /ads.pubmatic.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\P0V9N68V.txt [ /adform.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\73EQSJXS.txt [ /clickfuse.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\006701U5.txt [ /7.rotator.wigetmedia.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\DXJ2RQA2.txt [ /accounts.google.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\T0U4QJPY.txt [ /track.adform.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\FH2GHZ1D.txt [ /elitegamers.biz ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\P09LXLMT.txt [ /adformdsp.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\NG9P4NNK.txt [ /atdmt.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\9652Q7NF.txt [ /adx2.chip.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\7HBXPJTI.txt [ /bs.serving-sys.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\D7B1C9NB.txt [ /stat.dealtime.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\UUSH7O8P.txt [ /eas.apm.emediate.eu ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\BMT6X0FX.txt [ /ww251.smartadserver.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\2EXLPLIS.txt [ /adbrite.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\OR57ZLHS.txt [ /ads1.ministerial5.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\IH8YKUAR.txt [ /fastclick.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\TSUVEBEC.txt [ /etargetnet.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\V4PXD7JB.txt [ /adserver.directcorp.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\JZK6VABB.txt [ /lucidmedia.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\LEONZAX8.txt [ /www.googleadservices.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\L52G1YN3.txt [ /c.atdmt.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\PEPBQ6A3.txt [ /zanox-affiliate.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\BBZGQ4RU.txt [ /xiti.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\HFT2SS37.txt [ /yadro.ru ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\R7137KT1.txt [ /a.revenuemax.de ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\TRI1CG33.txt [ /edsa.122.2o7.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\2XJXGSHA.txt [ /2o7.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\APVW7DQ1.txt [ /daimlerag.122.2o7.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\GAA4RWCZ.txt [ /casalemedia.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\CMDQU1HW.txt [ /tribalfusion.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\H22AM08G.txt [ /apmebf.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Z5OJKVUB.txt [ /adfarm1.adition.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\LSZ7G23U.txt [ /eas4.emediate.eu ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\MVLYVPJR.txt [ /advertising.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\V18SOPVX.txt [ /de.sitestat.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\AEES0WBQ.txt [ /tradedoubler.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\LO0WWLJF.txt [ /server.adform.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\UM7JRV9U.txt [ /adxpose.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\KYYK0GAZ.txt [ /questionmarket.com ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\VTFDZPN4.txt [ Cookie:michael@clkads.com/adServe ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\7OL4QH9Q.txt [ Cookie:michael@clkads.com/adServe/banners ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\2ERVYXKR.txt [ Cookie:michael@counter-strike.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\CV1QYA2E.txt [ Cookie:michael@media.superillu.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\C5Y6PGD4.txt [ Cookie:michael@webmasterplan.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1UWRDE9.txt [ Cookie:michael@eas.apm.emediate.eu/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\GT3Q8IA6.txt [ Cookie:michael@counter-strike.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\WO1J5BXG.txt [ Cookie:michael@track.effiliation.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\YWRXVO7Z.txt [ Cookie:michael@accounts.youtube.com/accounts ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\EIAYP3OQ.txt [ Cookie:michael@track.effiliation.com/servlet/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\0O2IU12F.txt [ Cookie:michael@butlers.traffective-tracking.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\I9XMDU0Y.txt [ Cookie:michael@amazon-adsystem.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NWWFXFND.txt [ Cookie:michael@zanox-affiliate.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\KX96ZUQF.txt [ Cookie:michael@glamour.com/appjs/stats/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\4WPLQB5Y.txt [ Cookie:michael@lfstmedia.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\IOSYJ5U9.txt [ Cookie:michael@ad.zanox.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\OHFQMEVS.txt [ Cookie:michael@zanox.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\HG68XS9F.txt [ Cookie:michael@imrworldwide.com/cgi-bin ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9BCEEW23.txt [ Cookie:michael@ad.adserver01.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\R1MO64JE.txt [ Cookie:michael@7.rotator.wigetmedia.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\4MYWKJ81.txt [ Cookie:michael@elitepvpers.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q4LIGFII.txt [ Cookie:michael@www.google.com/accounts ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BLU4QGTE.txt [ Cookie:michael@uk.sitestat.com/future/pcgamer/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NQCCJUPJ.txt [ Cookie:michael@clicksor.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3R6VMQCG.txt [ Cookie:michael@ad.adnet.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYRH5CMT.txt [ Cookie:michael@www.qsstats.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XMVYZTDV.txt [ Cookie:michael@eas4.emediate.eu/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\U4EYT13N.txt [ Cookie:michael@www.google.at/accounts ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9RWU7RPO.txt [ Cookie:michael@adxpose.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\PUWG2ALK.txt [ Cookie:michael@interclick.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8DN1EGUA.txt [ Cookie:michael@adform.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\2J3FL0PP.txt [ Cookie:michael@accounts.google.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\FK70SBAS.txt [ Cookie:michael@uk.sitestat.com/future/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\HSOVYF5E.txt [ Cookie:michael@www.elitepvpers.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\6LH5AYSE.txt [ Cookie:michael@media.photobucket.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\SUIUD3PG.txt [ Cookie:michael@www.trackmania-carpark.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\D8O6TK1P.txt [ Cookie:michael@harrenmedianetwork.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\2M1OKCVZ.txt [ Cookie:michael@lucidmedia.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NC200EGO.txt [ Cookie:michael@emediate.apmmedia.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\2MZIBV0Z.txt [ Cookie:michael@glamour.com/images/nocount/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BSB037AH.txt [ Cookie:michael@count.asnetworks.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\O3CCZ6BL.txt [ Cookie:michael@livestat.derstandard.at/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\GVXF15KE.txt [ Cookie:michael@partners.webmasterplan.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\HKHJKYO4.txt [ Cookie:michael@server.cpmstar.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BSTH35WM.txt [ Cookie:michael@in.getclicky.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\LZTDY3OV.txt [ Cookie:michael@forexyard.advertserve.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXLMJ7OS.txt [ Cookie:michael@ads2.net2day.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\1OPWJB0S.txt [ Cookie:michael@im.banner.t-online.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP0Q1M3K.txt [ Cookie:michael@glamour.com/ads/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\QFRHJ53X.txt [ Cookie:michael@glamour.com/nocount/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\CBJ3H1FU.txt [ Cookie:michael@ads4.net2day.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\I2XCCHN0.txt [ Cookie:michael@tracking.gameforge.de/track/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\VD3YH3AF.txt [ Cookie:michael@gostats.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\C63TSL8J.txt [ Cookie:michael@traffictrack.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\C5XYB5LA.txt [ Cookie:michael@mm.chitika.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\V0S5WXYI.txt [ Cookie:michael@008.free-counters.co.uk/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\F50JTUDI.txt [ Cookie:michael@track.visitorpath.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9A8JUVBC.txt [ Cookie:michael@www.oberon-media.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\SDH9FUZK.txt [ Cookie:michael@4stats.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\A5U2HHN9.txt [ Cookie:michael@de.sitestat.com/idgcom-de/gamestar/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DX4Q79P5.txt [ Cookie:michael@pointroll.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9Y07J976.txt [ Cookie:michael@ads3.net2day.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\0SWFMMZ1.txt [ Cookie:michael@dealtime.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\SS8SMATF.txt [ Cookie:michael@tracking.oe24.at// ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\63XBKDK0.txt [ Cookie:michael@dc.tremormedia.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\0J6D6STM.txt [ Cookie:michael@www.shefinds.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\YV3J1II8.txt [ Cookie:michael@de.sitestat.com/sueddeutsche/sueddeutsche/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\1HUSVLA5.txt [ Cookie:michael@www.netdebit-counter.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\UDT11D6Q.txt [ Cookie:michael@o1.qnsr.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\0CR7KVBD.txt [ Cookie:michael@de-fourmedia.videoplaza.tv/proxy/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\5YON587P.txt [ Cookie:michael@adserver.bauforum24.biz/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\YHICA8BJ.txt [ Cookie:michael@qnsr.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\PN652HNQ.txt [ Cookie:michael@teufel-media.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\TA5CPCCG.txt [ Cookie:michael@glucklicher-leben.de/2010/06/24/was-fuer-maennergesichter-finden-frauen-wirklich-attraktiv/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XOSHSED4.txt [ Cookie:michael@trackmania.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\MFXKQKEP.txt [ Cookie:michael@ads.gamersmedia.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\0H3P6TYC.txt [ Cookie:michael@ad2.medialution.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\LG4940ML.txt [ Cookie:michael@www.mediamarkt.at/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\PAVXBJAX.txt [ Cookie:michael@tradetracker.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\7KUBT1PK.txt [ Cookie:michael@www.findthatfile.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\4RUJJBC8.txt [ Cookie:michael@zanox.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\OK2TZDQC.txt [ Cookie:michael@legolas-media.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\GWRZV8TI.txt [ Cookie:michael@trackmania-carpark.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\V41NHPVF.txt [ Cookie:michael@banner.testberichte.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8APHA1G0.txt [ Cookie:michael@adserverc.acc-hd.de/adserver/itag/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DZXKJXD5.txt [ Cookie:michael@adverticum.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\7ZC8R2SW.txt [ Cookie:michael@delivery.way2traffic.com/campaign=2068/view/14410 ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3YB966JZ.txt [ Cookie:michael@navtracks.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\AY3O3TSR.txt [ Cookie:michael@quartermedia.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\X603LM9V.txt [ Cookie:michael@ads.gamesbannernet.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\N8XY3B1P.txt [ Cookie:michael@adserver.doccheck.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\TKH6D7L6.txt [ Cookie:michael@e-2dj6wjliuncpwfp.stats.esomniture.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y9Z7JB6P.txt [ Cookie:michael@ero-advertising.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\SWTNO1FD.txt [ Cookie:michael@account.norton.com/amsweb/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\PODFIWAQ.txt [ Cookie:michael@www.conversiontrackingsystem.com/overlay/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DHRL27FM.txt [ Cookie:michael@www.usenext.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\OE5WS3ZG.txt [ Cookie:michael@server.adform.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\RYUZB6KA.txt [ Cookie:michael@eyewonder.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XU94Q4AZ.txt [ Cookie:michael@zbox.zanox.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\PZRKYDT7.txt [ Cookie:michael@de.sitestat.com/idgcom-de/projekt2/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\EONLWV3W.txt [ Cookie:michael@adserver.strategyinformer.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\URPF9SN4.txt [ Cookie:michael@histats.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9U3FQL27.txt [ Cookie:michael@www.downloadfilecrack.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\6MBRCX68.txt [ Cookie:michael@delivery.way2traffic.com/tracker=858/track ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\TS78KW8G.txt [ Cookie:michael@www.directadvert.ru/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\TSEHMZ26.txt [ Cookie:michael@tomtailor.dyntracker.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\MRVSSF9Q.txt [ Cookie:michael@delivery.way2traffic.com/campaign=2068 ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\TCPBLV0K.txt [ Cookie:michael@www.republicofadvertising.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\EA62HWEX.txt [ Cookie:michael@mh.motorpresse-statistik.de/track/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\CSC3PZ04.txt [ Cookie:michael@sniperelitev2.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\N87CJO52.txt [ Cookie:michael@clickcash.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\AD1D89P3.txt [ Cookie:michael@ad6media.fr/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\LXFQL7GV.txt [ Cookie:michael@games.mediamarkt.at/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3K6VU13V.txt [ Cookie:michael@track.adjal.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\RBQHR88N.txt [ Cookie:michael@delivery.way2traffic.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\RT6LEVFN.txt [ Cookie:michael@saymedia.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\1X4RPBWU.txt [ Cookie:michael@sniperelitev2.com/de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\GRUR68N1.txt [ Cookie:michael@directadvert.ru/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\PZUF3O63.txt [ Cookie:michael@adx.roodo.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\UTA09ZDE.txt [ Cookie:michael@easy-web-stats.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\63MFZYLY.txt [ Cookie:michael@adsonar.com/adserving ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\EDO39L0L.txt [ Cookie:michael@ads1.moonchildmedia.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\C2FHJW2N.txt [ Cookie:michael@adserver.nsadev.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\K7M9YBBK.txt [ Cookie:michael@count.primawebtools.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\RIYHQUHI.txt [ Cookie:michael@google.com/accounts/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\UC43H9MI.txt [ Cookie:michael@server.adformdsp.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\MFMXUC05.txt [ Cookie:michael@adnetwork.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\4I4SB4AZ.txt [ Cookie:michael@www.mediafire.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\W4DSJDU5.txt [ Cookie:michael@c.gigcount.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZJ0G943Z.txt [ Cookie:michael@www.moviepilot.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XPL7AZ8T.txt [ Cookie:michael@www.antwortenfinden.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z705LO91.txt [ Cookie:michael@sexmedpedia.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\66DUJXAM.txt [ Cookie:michael@adserver.gb5.motorpresse.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\4PZRGB28.txt [ Cookie:michael@de.sitestat.com/idgcom-de/tecchannel/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\HCFCX0N5.txt [ Cookie:michael@adserver.ps3m.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\TUD047GK.txt [ Cookie:michael@clkads.com/adServe ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9GMXZ4SX.txt [ Cookie:michael@de.sitestat.com/ndr/ndr/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\L6FLQD5F.txt [ Cookie:michael@tracking.trafficcaptain.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\F35U2DNG.txt [ Cookie:michael@engine.letsstat.nl/core/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\PICXHBWF.txt [ Cookie:michael@etargetnet.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\AHRGB3I1.txt [ Cookie:michael@tracking.mobile.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\1LAXTICQ.txt [ Cookie:michael@my-adserver.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\GY88ED9C.txt [ Cookie:michael@indieclick.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3N1XP0DE.txt [ Cookie:michael@unister-adservices.com/campaign/conversion/22 ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\WDKZJ6HW.txt [ Cookie:michael@otclick-adv.ru/core ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\2K6LVPNV.txt [ Cookie:michael@stats.vertriebsassistent.de/track/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\UUGGGMKJ.txt [ Cookie:michael@clkads.com/adServe/banners ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\SDBDZG47.txt [ Cookie:michael@tracking.affiliates.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\AGFV57CE.txt [ Cookie:michael@accounts.google.com/o ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3AUZK03X.txt [ Cookie:michael@tracking1.aleadpay.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\K1V432U0.txt [ Cookie:michael@banner.lv.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BN1404JE.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1051120015/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\2GS2A9TJ.txt [ Cookie:michael@eas3.emediate.se/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\K98VY2KI.txt [ Cookie:michael@adformdsp.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\KJUZH4VF.txt [ Cookie:michael@rts.pgmediaserve.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\J65UK39K.txt [ Cookie:michael@geoadserving.coffeetree.info/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8M8X1MX5.txt [ Cookie:michael@optimize.indieclick.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\60AB8QJX.txt [ Cookie:michael@stats.yme.com/dcsmm6y3q0000004zhgx8uuaa_9g7g ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\7E1VURBJ.txt [ Cookie:michael@adinterax.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\11283MHM.txt [ Cookie:michael@e-2dj6wjnygpcjmco.stats.esomniture.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\K4O5LHGO.txt [ Cookie:michael@moviepilot.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\P1F0BNU1.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1072534660/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\G060V2Z3.txt [ Cookie:michael@adserver.yopi.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3IJVYMGF.txt [ Cookie:michael@www.nextag.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\PSZ1CE8K.txt [ Cookie:michael@cnzz.mmstat.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\1DZTBVKE.txt [ Cookie:michael@fr.sitestat.com/eurosport/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\AR1RL29P.txt [ Cookie:michael@mmstat.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\SFBYOA1Z.txt [ Cookie:michael@rihannanudesextape.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZFYJGR12.txt [ Cookie:michael@openx.mediasense.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DT8V8Q5E.txt [ Cookie:michael@mediathek.daserste.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NLGPK9D6.txt [ Cookie:michael@imagevenue.advertserve.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DDLIHOUS.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1016525333/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\X1PTH4VA.txt [ Cookie:michael@fr.sitestat.com/eurosport/yahoode/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XSAMFFFE.txt [ Cookie:michael@nextag.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\05FWVCFY.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1067886644/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3LISDWIP.txt [ Cookie:michael@a.intentmedia.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9MYX3QUT.txt [ Cookie:michael@adserver.sevenload.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BCPQU8DZ.txt [ Cookie:michael@urbia.wwe-media.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\K50JV85F.txt [ Cookie:michael@adserver.fotografie.at/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\NY50JQPC.txt [ Cookie:michael@www.maxfunadserver.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VKX48SX.txt [ Cookie:michael@www.clickclickclick.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\FW0QBEU1.txt [ Cookie:michael@ads1.vtxnet.ch/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\JQ6FD9EH.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1072182529/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\QGCE2IGF.txt [ Cookie:michael@banner.electronic-arts.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\TLH6V5JO.txt [ Cookie:michael@advert.uloz.to/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BQWHEVYA.txt [ Cookie:michael@in.mydirtyhobby.com/track/PXkVAGAU/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\X8S3W0A3.txt [ Cookie:michael@elitegamers.biz/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\RUPAI3NH.txt [ Cookie:michael@adx2.chip.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\DGTFMB3X.txt [ Cookie:michael@geoadserve2.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\R1BKZGWD.txt [ Cookie:michael@banners.gossipcenter.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\O3VE61NC.txt [ Cookie:michael@impactmedia.at/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FR4P4UL.txt [ Cookie:michael@eas5.emediate.eu/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\J4OU3YQ8.txt [ Cookie:michael@intext.billboard.cz/core/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\300TDZHO.txt [ Cookie:michael@questions.technicpack.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\BQYUT13C.txt [ Cookie:michael@nfm-adserver.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8YSWIYRW.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1072426157/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\4UGEWEV8.txt [ Cookie:michael@de.sitestat.com/otto-eu/at/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XA39U005.txt [ Cookie:michael@adserver.directcorp.de/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\8PR2QCOV.txt [ Cookie:michael@commons.wikimedia.org/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z5W6ZF77.txt [ Cookie:michael@7.rotator.trafficbee.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ISMY4AM.txt [ Cookie:michael@1click-downloader.net/ ]
	C:\USERS\MICHAEL\Cookies\BL6DTI43.txt [ Cookie:michael@mediaplex.com/ ]
	C:\USERS\MICHAEL\Cookies\9NMH1IEG.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1057167729/ ]
	C:\USERS\MICHAEL\Cookies\0EEIE6KF.txt [ Cookie:michael@maniahome.trackmania.com/add/ ]
	C:\USERS\MICHAEL\Cookies\M39TWQC9.txt [ Cookie:michael@invitemedia.com/ ]
	C:\USERS\MICHAEL\Cookies\G0CQXWS3.txt [ Cookie:michael@webmasterplan.com/ ]
	C:\USERS\MICHAEL\Cookies\VTFDZPN4.txt [ Cookie:michael@clkads.com/adServe ]
	C:\USERS\MICHAEL\Cookies\UXCDXTWE.txt [ Cookie:michael@tomtailor.dyntracker.com/ ]
	C:\USERS\MICHAEL\Cookies\EUDB5TL4.txt [ Cookie:michael@ad.zanox.com/ ]
	C:\USERS\MICHAEL\Cookies\POTN7Y2Q.txt [ Cookie:michael@server.adformdsp.net/ ]
	C:\USERS\MICHAEL\Cookies\RWJOSV28.txt [ Cookie:michael@amazon-adsystem.com/ ]
	C:\USERS\MICHAEL\Cookies\NY7ERHHV.txt [ Cookie:michael@kontera.com/ ]
	C:\USERS\MICHAEL\Cookies\LSB0ABZB.txt [ Cookie:michael@doubleclick.net/ ]
	C:\USERS\MICHAEL\Cookies\7OL4QH9Q.txt [ Cookie:michael@clkads.com/adServe/banners ]
	C:\USERS\MICHAEL\Cookies\KURUULJD.txt [ Cookie:michael@zanox.com/ ]
	C:\USERS\MICHAEL\Cookies\michael@account.norton[1].txt [ Cookie:michael@account.norton.com/ ]
	C:\USERS\MICHAEL\Cookies\HV1TIPD6.txt [ Cookie:michael@imrworldwide.com/cgi-bin ]
	C:\USERS\MICHAEL\Cookies\VK28BY8P.txt [ Cookie:michael@splash.trackmania.com/display/ ]
	C:\USERS\MICHAEL\Cookies\DAY831QQ.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1002072985/ ]
	C:\USERS\MICHAEL\Cookies\VODTAUW0.txt [ Cookie:michael@ads2.net2day.de/ ]
	C:\USERS\MICHAEL\Cookies\YF97G5K5.txt [ Cookie:michael@im.banner.t-online.de/ ]
	C:\USERS\MICHAEL\Cookies\NP2Q8SID.txt [ Cookie:michael@serving-sys.com/ ]
	C:\USERS\MICHAEL\Cookies\YJ5K41IP.txt [ Cookie:michael@ad1.adfarm1.adition.com/ ]
	C:\USERS\MICHAEL\Cookies\OD17Z7D9.txt [ Cookie:michael@ad3.adfarm1.adition.com/ ]
	C:\USERS\MICHAEL\Cookies\K3UKPOTW.txt [ Cookie:michael@explore.trackmania.com/ ]
	C:\USERS\MICHAEL\Cookies\53090Q7V.txt [ Cookie:michael@maniapub.trackmania.com/banner/click/ ]
	C:\USERS\MICHAEL\Cookies\5DE4BX2O.txt [ Cookie:michael@ad.adnet.de/ ]
	C:\USERS\MICHAEL\Cookies\M92YTIHR.txt [ Cookie:michael@maniahome.trackmania.com/ ]
	C:\USERS\MICHAEL\Cookies\P0V9N68V.txt [ Cookie:michael@adform.net/ ]
	C:\USERS\MICHAEL\Cookies\006701U5.txt [ Cookie:michael@7.rotator.wigetmedia.com/ ]
	C:\USERS\MICHAEL\Cookies\DXJ2RQA2.txt [ Cookie:michael@accounts.google.com/ ]
	C:\USERS\MICHAEL\Cookies\T0U4QJPY.txt [ Cookie:michael@track.adform.net/ ]
	C:\USERS\MICHAEL\Cookies\FH2GHZ1D.txt [ Cookie:michael@elitegamers.biz/ ]
	C:\USERS\MICHAEL\Cookies\P09LXLMT.txt [ Cookie:michael@adformdsp.net/ ]
	C:\USERS\MICHAEL\Cookies\NG9P4NNK.txt [ Cookie:michael@atdmt.com/ ]
	C:\USERS\MICHAEL\Cookies\9652Q7NF.txt [ Cookie:michael@adx2.chip.de/ ]
	C:\USERS\MICHAEL\Cookies\7HBXPJTI.txt [ Cookie:michael@bs.serving-sys.com/ ]
	C:\USERS\MICHAEL\Cookies\UUSH7O8P.txt [ Cookie:michael@eas.apm.emediate.eu/ ]
	C:\USERS\MICHAEL\Cookies\2EXLPLIS.txt [ Cookie:michael@adbrite.com/ ]
	C:\USERS\MICHAEL\Cookies\OR57ZLHS.txt [ Cookie:michael@ads1.ministerial5.com/ ]
	C:\USERS\MICHAEL\Cookies\IH8YKUAR.txt [ Cookie:michael@fastclick.net/ ]
	C:\USERS\MICHAEL\Cookies\TSUVEBEC.txt [ Cookie:michael@etargetnet.com/ ]
	C:\USERS\MICHAEL\Cookies\V4PXD7JB.txt [ Cookie:michael@adserver.directcorp.de/ ]
	C:\USERS\MICHAEL\Cookies\JZK6VABB.txt [ Cookie:michael@lucidmedia.com/ ]
	C:\USERS\MICHAEL\Cookies\LEONZAX8.txt [ Cookie:michael@www.googleadservices.com/pagead/conversion/1036980325/ ]
	C:\USERS\MICHAEL\Cookies\L52G1YN3.txt [ Cookie:michael@c.atdmt.com/ ]
	C:\USERS\MICHAEL\Cookies\PEPBQ6A3.txt [ Cookie:michael@zanox-affiliate.de/ ]
	C:\USERS\MICHAEL\Cookies\BBZGQ4RU.txt [ Cookie:michael@xiti.com/ ]
	C:\USERS\MICHAEL\Cookies\HFT2SS37.txt [ Cookie:michael@yadro.ru/ ]
	C:\USERS\MICHAEL\Cookies\APVW7DQ1.txt [ Cookie:michael@daimlerag.122.2o7.net/ ]
	C:\USERS\MICHAEL\Cookies\GAA4RWCZ.txt [ Cookie:michael@casalemedia.com/ ]
	C:\USERS\MICHAEL\Cookies\H22AM08G.txt [ Cookie:michael@apmebf.com/ ]
	C:\USERS\MICHAEL\Cookies\Z5OJKVUB.txt [ Cookie:michael@adfarm1.adition.com/ ]
	C:\USERS\MICHAEL\Cookies\LSZ7G23U.txt [ Cookie:michael@eas4.emediate.eu/ ]
	C:\USERS\MICHAEL\Cookies\MVLYVPJR.txt [ Cookie:michael@advertising.com/ ]
	C:\USERS\MICHAEL\Cookies\V18SOPVX.txt [ Cookie:michael@de.sitestat.com/otto-eu/at/ ]
	C:\USERS\MICHAEL\Cookies\AEES0WBQ.txt [ Cookie:michael@tradedoubler.com/ ]
	C:\USERS\MICHAEL\Cookies\LO0WWLJF.txt [ Cookie:michael@server.adform.net/ ]
	C:\USERS\MICHAEL\Cookies\UM7JRV9U.txt [ Cookie:michael@adxpose.com/ ]
	149.memecounter.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	account.goodgamestudios.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	ad.adverticum.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	aka-cdn-ns.adtech.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	cdnx.tribalfusion.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	core.saymedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	delivery.ibanner.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	ds.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	ia.media-imdb.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	images.newmedia.lu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	imagesrv.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	macromedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	media.bose.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	media.kyte.tv [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	media.mtvnservices.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	media1.break.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	s0.2mdn.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	secure-us.imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	track.webgains.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\246X3C2Q ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	ads.saymedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.saymedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.saymedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.game-advertising-online.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.lucidmedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.flagcounter.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	zbox.zanox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	teufel-media.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	tomtailor.dyntracker.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	imagevenue.advertserve.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	imagevenue.advertserve.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	ads.adultwebads.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYZKGQJI.DEFAULT\COOKIES.SQLITE ]
         

Alt 22.10.2012, 09:31   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Sieht ok aus, da wurden nur Cookies gefunden, die können alle weg.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.10.2012, 12:28   #28
mike-E-boy
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Hallo,
das mit den Cookies werde ich mir noch anschauen. Prinzipiell stört mich die Werbung aber nicht wirklich.
Den Laptop kann ich jetzt wieder normal verwenden. Allerdings habe ich eine Sicherheitskopie von meinen Schulsachen auf meinem USB-Stick gemacht, nachdem der Virus auf dem Laptop war. Kann es sein, dass auf dem Stick noch schädliche Daten sind?

Alt 22.10.2012, 12:36   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Zitat:
Kann es sein, dass auf dem Stick noch schädliche Daten sind?
Schadsoftware ist prinzipiell NIE unmöglich!

Automatische Wiedergabe deaktivieren

Windows XP: Zur Vereinfachung hab ich mal die noautoplay.reg hochgeladen. Lad das auf dem Desktop herunter, führ die Datei aus und bestätige mit ja. Nach einem Neustart des Rechners ist die automatische Wiedergabe (von Datenträgern) auf allen Laufwerken deaktiviert, d.h. keine CD, kein Stick oder sonstwas startet nach dem Einstecken mehr automatisch.

Windows Vista/7: In der Systemsteuerung unter automatische Wiedergabe von CDs und anderen Medien alles deaktivieren. => siehe auch Einstellungen für automatische Wiedergabe ändern

Prüf den Stick dann mit einem Virenscanner deiner Wahl. 100% Sicherheit gibt es bekanntlich nicht.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.10.2012, 16:01   #30
mike-E-boy
 
Österreichischer Polizei Virus - Standard

Österreichischer Polizei Virus



Hallo,
ich habe den Stick gerade mit Anti-Malware gescannt, dabei wurden keine infizierten Dateien gefunden.
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.21.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL_LAPTOP [Administrator]

22.10.2012 16:56:09
mbam-log-2012-10-22 (16-56-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 249472
Laufzeit: 3 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Antwort

Themen zu Österreichischer Polizei Virus
abgesicherten, anti-malware, anwendung, brauche, entdeck, kinox.to, laptop, malwarebytes, modus, msconfig, ordner, programme, pup.rewardsarcade, schule, seite, systemstart, trojan.agent, trojan.fakems, verdächtige, virus, wichtig, zugreifen




Ähnliche Themen: Österreichischer Polizei Virus


  1. Österreichischer Polizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 19.11.2013 (3)
  2. Österreichischer Polizei Virus - auch im abgesicherten Modus
    Log-Analyse und Auswertung - 17.11.2013 (7)
  3. Österreichischer Polizeitrojaner
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (10)
  4. Österreichischer Polizei-Virus mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (6)
  5. Österreichischer Polizei Trojaner sperrt Win 7 Laptop
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (8)
  6. Österreichischer Polizei Trojaner Windows XP
    Plagegeister aller Art und deren Bekämpfung - 17.11.2012 (33)
  7. Österreichischer Polizeitrojaner auf XP
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (15)
  8. Österreichischer Polizei Virus
    Log-Analyse und Auswertung - 02.11.2012 (20)
  9. österreichischer BKA-Trojaner
    Log-Analyse und Auswertung - 01.11.2012 (18)
  10. Österreichischer Polizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (8)
  11. Österreichischer polizeiVirus $. September 2012
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (5)
  12. Österreichischer Polizei Virus nach Movie2k Film
    Plagegeister aller Art und deren Bekämpfung - 12.10.2012 (4)
  13. österreichischer BKA-Virus
    Log-Analyse und Auswertung - 05.10.2012 (2)
  14. Österreichischer Polizeitrojaner auf Windows XP
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (29)
  15. Polizei Einheit 5.2 Virus Österreich Virus
    Log-Analyse und Auswertung - 05.08.2012 (14)
  16. Österreichischer Polizeitrojaner
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (18)
  17. Task-manager durch virus blockiert, Polizei-virus
    Log-Analyse und Auswertung - 02.04.2012 (1)

Zum Thema Österreichischer Polizei Virus - Und die Extras.txt Code: Alles auswählen Aufklappen ATTFilter OTL Extras logfile created on: 15.10.2012 16:08:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop 64bit- Home Premium - Österreichischer Polizei Virus...
Archiv
Du betrachtest: Österreichischer Polizei Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.