Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files (x86)\FreeRIP Toolbar\IE\4.7\freeripToolbarIE.dll File not found
O2 - BHO: (no name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found.
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files (x86)\FreeRIP Toolbar\IE\4.7\freeripToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7242f609-0e0f-11e0-8158-001966d640e5}\Shell - "" = AutoRun
O33 - MountPoints2\{7242f609-0e0f-11e0-8158-001966d640e5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{975257b6-4a65-11df-b326-001966d640e5}\Shell - "" = AutoRun
O33 - MountPoints2\{975257b6-4a65-11df-b326-001966d640e5}\Shell\AutoRun\command - "" = E:\TmUnitedForever_Setup.exe
:Files
C:\Windows\Internet Logs
C:\Users\garry\AppData\Roaming\CheckPoint
C:\Program Files\CheckPoint
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Winamp Toolbar
C:\Program Files (x86)\FreeRIP Toolbar
C:\Program Files (x86)\AskTBar
C:\Program Files (x86)\PriceGong
C:\Program Files (x86)\Skype\Toolbars
:Commands
[emptytemp]
[resethosts]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Okay, alles ausgeführt. Hier ist der log.

Code: Alles auswählenAufklappen

ATTFilter

 All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E634228A-03CF-4BC8-B0AB-668257F1FD8C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search\ deleted successfully.
C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search\ not found.
File C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7242f609-0e0f-11e0-8158-001966d640e5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7242f609-0e0f-11e0-8158-001966d640e5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7242f609-0e0f-11e0-8158-001966d640e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7242f609-0e0f-11e0-8158-001966d640e5}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{975257b6-4a65-11df-b326-001966d640e5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{975257b6-4a65-11df-b326-001966d640e5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{975257b6-4a65-11df-b326-001966d640e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{975257b6-4a65-11df-b326-001966d640e5}\ not found.
File E:\TmUnitedForever_Setup.exe not found.
========== FILES ==========
C:\Windows\Internet Logs folder moved successfully.
C:\Users\garry\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.
C:\Users\garry\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.
C:\Users\garry\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar folder moved successfully.
C:\Users\garry\AppData\Roaming\CheckPoint folder moved successfully.
C:\Program Files\CheckPoint\ZAForceField folder moved successfully.
C:\Program Files\CheckPoint folder moved successfully.
File\Folder C:\Program Files (x86)\Ask.com not found.
File\Folder C:\Program Files (x86)\Winamp Toolbar not found.
File\Folder C:\Program Files (x86)\FreeRIP Toolbar not found.
C:\Program Files (x86)\AskTBar\bar\Settings folder moved successfully.
C:\Program Files (x86)\AskTBar\bar\History folder moved successfully.
C:\Program Files (x86)\AskTBar\bar\Cache folder moved successfully.
C:\Program Files (x86)\AskTBar\bar\1.bin folder moved successfully.
C:\Program Files (x86)\AskTBar\bar folder moved successfully.
C:\Program Files (x86)\AskTBar folder moved successfully.
File\Folder C:\Program Files (x86)\PriceGong not found.
C:\Program Files (x86)\Skype\Toolbars\Shared folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: garry
->Temp folder emptied: 2341645893 bytes
->Temporary Internet Files folder emptied: 375084580 bytes
->Java cache emptied: 82106 bytes
->FireFox cache emptied: 74228937 bytes
->Flash cache emptied: 7516 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109531886 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119624 bytes
RecycleBin emptied: 8322817 bytes
 
Total Files Cleaned = 2.776,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12312011_192216

Files\Folders moved on Reboot...
C:\Users\garry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Wie gehts weiter?

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Hallo Arne,

hier der log des TDSS Killers.

Code: Alles auswählenAufklappen

ATTFilter

 12:28:58.0798 1864	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
12:28:58.0971 1864	============================================================
12:28:58.0971 1864	Current date / time: 2012/01/02 12:28:58.0971
12:28:58.0971 1864	SystemInfo:
12:28:58.0971 1864	
12:28:58.0972 1864	OS Version: 6.1.7601 ServicePack: 1.0
12:28:58.0972 1864	Product type: Workstation
12:28:58.0972 1864	ComputerName: LARRY
12:28:58.0973 1864	UserName: garry
12:28:58.0974 1864	Windows directory: C:\Windows
12:28:58.0974 1864	System windows directory: C:\Windows
12:28:58.0974 1864	Running under WOW64
12:28:58.0974 1864	Processor architecture: Intel x64
12:28:58.0974 1864	Number of processors: 2
12:28:58.0974 1864	Page size: 0x1000
12:28:58.0974 1864	Boot type: Normal boot
12:28:58.0974 1864	============================================================
12:28:59.0804 1864	Initialize success
12:29:36.0984 3012	============================================================
12:29:36.0984 3012	Scan started
12:29:36.0984 3012	Mode: Manual; SigCheck; TDLFS; 
12:29:36.0984 3012	============================================================
12:29:37.0689 3012	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:29:37.0817 3012	1394ohci - ok
12:29:37.0892 3012	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:29:37.0913 3012	ACPI - ok
12:29:37.0930 3012	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:29:37.0991 3012	AcpiPmi - ok
12:29:38.0033 3012	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:29:38.0058 3012	adp94xx - ok
12:29:38.0078 3012	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:29:38.0091 3012	adpahci - ok
12:29:38.0117 3012	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:29:38.0128 3012	adpu320 - ok
12:29:38.0191 3012	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
12:29:38.0235 3012	AFD - ok
12:29:38.0279 3012	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:29:38.0295 3012	agp440 - ok
12:29:38.0331 3012	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:29:38.0344 3012	aliide - ok
12:29:38.0356 3012	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:29:38.0370 3012	amdide - ok
12:29:38.0395 3012	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:29:38.0442 3012	AmdK8 - ok
12:29:38.0472 3012	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:29:38.0493 3012	AmdPPM - ok
12:29:38.0527 3012	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:29:38.0536 3012	amdsata - ok
12:29:38.0551 3012	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:29:38.0562 3012	amdsbs - ok
12:29:38.0579 3012	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:29:38.0588 3012	amdxata - ok
12:29:38.0628 3012	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:29:38.0731 3012	AppID - ok
12:29:38.0781 3012	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:29:38.0790 3012	arc - ok
12:29:38.0808 3012	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:29:38.0817 3012	arcsas - ok
12:29:38.0848 3012	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:29:38.0942 3012	AsyncMac - ok
12:29:39.0007 3012	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:29:39.0015 3012	atapi - ok
12:29:39.0058 3012	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
12:29:39.0111 3012	avgntflt - ok
12:29:39.0178 3012	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
12:29:39.0190 3012	avipbb - ok
12:29:39.0226 3012	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:29:39.0277 3012	b06bdrv - ok
12:29:39.0301 3012	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:29:39.0344 3012	b57nd60a - ok
12:29:39.0373 3012	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:29:39.0423 3012	Beep - ok
12:29:39.0468 3012	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:29:39.0491 3012	blbdrive - ok
12:29:39.0542 3012	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:29:39.0576 3012	bowser - ok
12:29:39.0604 3012	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:29:39.0653 3012	BrFiltLo - ok
12:29:39.0670 3012	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:29:39.0683 3012	BrFiltUp - ok
12:29:39.0706 3012	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:29:39.0736 3012	Brserid - ok
12:29:39.0754 3012	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:29:39.0775 3012	BrSerWdm - ok
12:29:39.0792 3012	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:29:39.0810 3012	BrUsbMdm - ok
12:29:39.0824 3012	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:29:39.0845 3012	BrUsbSer - ok
12:29:39.0861 3012	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:29:39.0882 3012	BTHMODEM - ok
12:29:39.0918 3012	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:29:39.0949 3012	cdfs - ok
12:29:39.0977 3012	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:29:39.0995 3012	cdrom - ok
12:29:40.0018 3012	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:29:40.0039 3012	circlass - ok
12:29:40.0083 3012	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:29:40.0105 3012	CLFS - ok
12:29:40.0146 3012	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:29:40.0165 3012	CmBatt - ok
12:29:40.0197 3012	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:29:40.0212 3012	cmdide - ok
12:29:40.0258 3012	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
12:29:40.0289 3012	CNG - ok
12:29:40.0301 3012	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:29:40.0309 3012	Compbatt - ok
12:29:40.0334 3012	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:29:40.0364 3012	CompositeBus - ok
12:29:40.0379 3012	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:29:40.0387 3012	crcdisk - ok
12:29:40.0443 3012	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:29:40.0478 3012	DfsC - ok
12:29:40.0512 3012	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:29:40.0541 3012	discache - ok
12:29:40.0569 3012	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:29:40.0579 3012	Disk - ok
12:29:40.0608 3012	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:29:40.0631 3012	drmkaud - ok
12:29:40.0684 3012	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:29:40.0715 3012	DXGKrnl - ok
12:29:40.0788 3012	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:29:40.0866 3012	ebdrv - ok
12:29:40.0900 3012	ElbyCDIO        (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:29:40.0908 3012	ElbyCDIO - ok
12:29:40.0937 3012	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:29:40.0953 3012	elxstor - ok
12:29:40.0982 3012	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:29:41.0010 3012	ErrDev - ok
12:29:41.0050 3012	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:29:41.0083 3012	exfat - ok
12:29:41.0110 3012	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:29:41.0150 3012	fastfat - ok
12:29:41.0173 3012	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:29:41.0201 3012	fdc - ok
12:29:41.0229 3012	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:29:41.0238 3012	FileInfo - ok
12:29:41.0252 3012	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:29:41.0290 3012	Filetrace - ok
12:29:41.0310 3012	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:29:41.0329 3012	flpydisk - ok
12:29:41.0377 3012	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:29:41.0398 3012	FltMgr - ok
12:29:41.0418 3012	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:29:41.0427 3012	FsDepends - ok
12:29:41.0443 3012	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:29:41.0453 3012	Fs_Rec - ok
12:29:41.0478 3012	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:29:41.0491 3012	fvevol - ok
12:29:41.0505 3012	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:29:41.0514 3012	gagp30kx - ok
12:29:41.0543 3012	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:29:41.0568 3012	hcw85cir - ok
12:29:41.0617 3012	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:29:41.0649 3012	HdAudAddService - ok
12:29:41.0683 3012	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:29:41.0713 3012	HDAudBus - ok
12:29:41.0745 3012	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:29:41.0766 3012	HidBatt - ok
12:29:41.0780 3012	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:29:41.0805 3012	HidBth - ok
12:29:41.0820 3012	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:29:41.0833 3012	HidIr - ok
12:29:41.0873 3012	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:29:41.0899 3012	HidUsb - ok
12:29:41.0936 3012	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:29:41.0945 3012	HpSAMD - ok
12:29:41.0994 3012	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:29:42.0037 3012	HTTP - ok
12:29:42.0081 3012	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:29:42.0090 3012	hwpolicy - ok
12:29:42.0129 3012	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:29:42.0140 3012	i8042prt - ok
12:29:42.0173 3012	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:29:42.0187 3012	iaStorV - ok
12:29:42.0228 3012	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:29:42.0237 3012	iirsp - ok
12:29:42.0259 3012	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:29:42.0268 3012	intelide - ok
12:29:42.0287 3012	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:29:42.0306 3012	intelppm - ok
12:29:42.0344 3012	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:29:42.0372 3012	IpFilterDriver - ok
12:29:42.0411 3012	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:29:42.0423 3012	IPMIDRV - ok
12:29:42.0439 3012	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:29:42.0478 3012	IPNAT - ok
12:29:42.0495 3012	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:29:42.0519 3012	IRENUM - ok
12:29:42.0565 3012	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:29:42.0577 3012	isapnp - ok
12:29:42.0610 3012	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:29:42.0630 3012	iScsiPrt - ok
12:29:42.0646 3012	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:29:42.0660 3012	kbdclass - ok
12:29:42.0685 3012	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:29:42.0702 3012	kbdhid - ok
12:29:42.0737 3012	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
12:29:42.0747 3012	KSecDD - ok
12:29:42.0793 3012	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
12:29:42.0810 3012	KSecPkg - ok
12:29:42.0842 3012	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:29:42.0898 3012	ksthunk - ok
12:29:42.0920 3012	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:29:42.0957 3012	lltdio - ok
12:29:42.0985 3012	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:29:42.0994 3012	LSI_FC - ok
12:29:43.0007 3012	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:29:43.0017 3012	LSI_SAS - ok
12:29:43.0029 3012	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:29:43.0038 3012	LSI_SAS2 - ok
12:29:43.0058 3012	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:29:43.0068 3012	LSI_SCSI - ok
12:29:43.0093 3012	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:29:43.0131 3012	luafv - ok
12:29:43.0176 3012	LVRS64          (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
12:29:43.0193 3012	LVRS64 - ok
12:29:43.0286 3012	LVUVC64         (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
12:29:43.0384 3012	LVUVC64 - ok
12:29:43.0415 3012	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
12:29:43.0422 3012	MBAMProtector - ok
12:29:43.0450 3012	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:29:43.0458 3012	megasas - ok
12:29:43.0478 3012	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:29:43.0490 3012	MegaSR - ok
12:29:43.0513 3012	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:29:43.0552 3012	Modem - ok
12:29:43.0571 3012	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:29:43.0595 3012	monitor - ok
12:29:43.0634 3012	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:29:43.0642 3012	mouclass - ok
12:29:43.0656 3012	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:29:43.0667 3012	mouhid - ok
12:29:43.0695 3012	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:29:43.0705 3012	mountmgr - ok
12:29:43.0731 3012	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:29:43.0741 3012	mpio - ok
12:29:43.0767 3012	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:29:43.0810 3012	mpsdrv - ok
12:29:43.0842 3012	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:29:43.0865 3012	MRxDAV - ok
12:29:43.0906 3012	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:29:43.0934 3012	mrxsmb - ok
12:29:43.0977 3012	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:29:44.0009 3012	mrxsmb10 - ok
12:29:44.0042 3012	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:29:44.0054 3012	mrxsmb20 - ok
12:29:44.0088 3012	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:29:44.0097 3012	msahci - ok
12:29:44.0113 3012	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:29:44.0122 3012	msdsm - ok
12:29:44.0167 3012	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:29:44.0204 3012	Msfs - ok
12:29:44.0216 3012	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:29:44.0251 3012	mshidkmdf - ok
12:29:44.0269 3012	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:29:44.0278 3012	msisadrv - ok
12:29:44.0301 3012	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:29:44.0335 3012	MSKSSRV - ok
12:29:44.0359 3012	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:29:44.0397 3012	MSPCLOCK - ok
12:29:44.0426 3012	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:29:44.0463 3012	MSPQM - ok
12:29:44.0504 3012	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:29:44.0518 3012	MsRPC - ok
12:29:44.0552 3012	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:29:44.0561 3012	mssmbios - ok
12:29:44.0580 3012	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:29:44.0619 3012	MSTEE - ok
12:29:44.0637 3012	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:29:44.0653 3012	MTConfig - ok
12:29:44.0669 3012	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:29:44.0694 3012	Mup - ok
12:29:44.0724 3012	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:29:44.0747 3012	NativeWifiP - ok
12:29:44.0815 3012	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:29:44.0836 3012	NDIS - ok
12:29:44.0853 3012	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:29:44.0883 3012	NdisCap - ok
12:29:44.0896 3012	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:29:44.0936 3012	NdisTapi - ok
12:29:44.0959 3012	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:29:45.0002 3012	Ndisuio - ok
12:29:45.0033 3012	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:29:45.0071 3012	NdisWan - ok
12:29:45.0112 3012	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:29:45.0144 3012	NDProxy - ok
12:29:45.0173 3012	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:29:45.0210 3012	NetBIOS - ok
12:29:45.0267 3012	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:29:45.0321 3012	NetBT - ok
12:29:45.0381 3012	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:29:45.0390 3012	nfrd960 - ok
12:29:45.0420 3012	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:29:45.0456 3012	Npfs - ok
12:29:45.0482 3012	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:29:45.0524 3012	nsiproxy - ok
12:29:45.0580 3012	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:29:45.0637 3012	Ntfs - ok
12:29:45.0660 3012	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:29:45.0697 3012	Null - ok
12:29:45.0927 3012	nvlddmkm        (ac8cbe9a0663e88f6429ee5530d5e32b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:29:46.0210 3012	nvlddmkm - ok
12:29:46.0282 3012	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:29:46.0299 3012	nvraid - ok
12:29:46.0318 3012	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:29:46.0328 3012	nvstor - ok
12:29:46.0364 3012	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:29:46.0375 3012	nv_agp - ok
12:29:46.0405 3012	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:29:46.0440 3012	ohci1394 - ok
12:29:46.0472 3012	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:29:46.0484 3012	Parport - ok
12:29:46.0532 3012	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:29:46.0541 3012	partmgr - ok
12:29:46.0579 3012	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:29:46.0589 3012	pci - ok
12:29:46.0622 3012	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:29:46.0631 3012	pciide - ok
12:29:46.0650 3012	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:29:46.0662 3012	pcmcia - ok
12:29:46.0686 3012	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:29:46.0695 3012	pcw - ok
12:29:46.0720 3012	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:29:46.0768 3012	PEAUTH - ok
12:29:46.0839 3012	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:29:46.0877 3012	PptpMiniport - ok
12:29:46.0892 3012	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:29:46.0908 3012	Processor - ok
12:29:46.0952 3012	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:29:46.0994 3012	Psched - ok
12:29:47.0032 3012	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:29:47.0077 3012	ql2300 - ok
12:29:47.0101 3012	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:29:47.0111 3012	ql40xx - ok
12:29:47.0131 3012	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:29:47.0156 3012	QWAVEdrv - ok
12:29:47.0172 3012	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:29:47.0210 3012	RasAcd - ok
12:29:47.0235 3012	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:29:47.0264 3012	RasAgileVpn - ok
12:29:47.0310 3012	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:29:47.0368 3012	Rasl2tp - ok
12:29:47.0397 3012	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:29:47.0439 3012	RasPppoe - ok
12:29:47.0456 3012	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:29:47.0496 3012	RasSstp - ok
12:29:47.0535 3012	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:29:47.0576 3012	rdbss - ok
12:29:47.0587 3012	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:29:47.0611 3012	rdpbus - ok
12:29:47.0623 3012	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:29:47.0662 3012	RDPCDD - ok
12:29:47.0682 3012	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:29:47.0723 3012	RDPENCDD - ok
12:29:47.0736 3012	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:29:47.0766 3012	RDPREFMP - ok
12:29:47.0797 3012	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:29:47.0842 3012	RDPWD - ok
12:29:47.0875 3012	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:29:47.0885 3012	rdyboost - ok
12:29:47.0926 3012	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:29:47.0969 3012	rspndr - ok
12:29:47.0999 3012	RTL8167         (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:29:48.0012 3012	RTL8167 - ok
12:29:48.0040 3012	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:29:48.0051 3012	sbp2port - ok
12:29:48.0095 3012	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:29:48.0149 3012	scfilter - ok
12:29:48.0188 3012	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:29:48.0227 3012	secdrv - ok
12:29:48.0252 3012	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:29:48.0264 3012	Serenum - ok
12:29:48.0282 3012	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:29:48.0305 3012	Serial - ok
12:29:48.0336 3012	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:29:48.0347 3012	sermouse - ok
12:29:48.0389 3012	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:29:48.0412 3012	sffdisk - ok
12:29:48.0419 3012	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:29:48.0441 3012	sffp_mmc - ok
12:29:48.0448 3012	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:29:48.0477 3012	sffp_sd - ok
12:29:48.0504 3012	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:29:48.0525 3012	sfloppy - ok
12:29:48.0556 3012	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:29:48.0566 3012	SiSRaid2 - ok
12:29:48.0589 3012	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:29:48.0599 3012	SiSRaid4 - ok
12:29:48.0623 3012	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:29:48.0662 3012	Smb - ok
12:29:48.0705 3012	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:29:48.0713 3012	spldr - ok
12:29:48.0757 3012	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
12:29:48.0757 3012	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
12:29:48.0759 3012	sptd ( LockedFile.Multi.Generic ) - warning
12:29:48.0759 3012	sptd - detected LockedFile.Multi.Generic (1)
12:29:48.0807 3012	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:29:48.0844 3012	srv - ok
12:29:48.0879 3012	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:29:48.0907 3012	srv2 - ok
12:29:48.0952 3012	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:29:48.0980 3012	srvnet - ok
12:29:49.0022 3012	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:29:49.0037 3012	stexstor - ok
12:29:49.0080 3012	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:29:49.0095 3012	swenum - ok
12:29:49.0174 3012	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:29:49.0239 3012	Tcpip - ok
12:29:49.0279 3012	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:29:49.0310 3012	TCPIP6 - ok
12:29:49.0349 3012	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:29:49.0387 3012	tcpipreg - ok
12:29:49.0412 3012	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:29:49.0442 3012	TDPIPE - ok
12:29:49.0452 3012	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:29:49.0489 3012	TDTCP - ok
12:29:49.0529 3012	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:29:49.0570 3012	tdx - ok
12:29:49.0609 3012	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:29:49.0619 3012	TermDD - ok
12:29:49.0662 3012	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:29:49.0699 3012	tssecsrv - ok
12:29:49.0730 3012	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:29:49.0751 3012	TsUsbFlt - ok
12:29:49.0790 3012	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:29:49.0824 3012	tunnel - ok
12:29:49.0847 3012	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:29:49.0857 3012	uagp35 - ok
12:29:49.0893 3012	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:29:49.0934 3012	udfs - ok
12:29:49.0979 3012	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:29:49.0995 3012	uliagpkx - ok
12:29:50.0036 3012	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:29:50.0059 3012	umbus - ok
12:29:50.0081 3012	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:29:50.0108 3012	UmPass - ok
12:29:50.0169 3012	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:29:50.0200 3012	usbaudio - ok
12:29:50.0220 3012	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:29:50.0255 3012	usbccgp - ok
12:29:50.0279 3012	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:29:50.0313 3012	usbcir - ok
12:29:50.0334 3012	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:29:50.0356 3012	usbehci - ok
12:29:50.0406 3012	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:29:50.0434 3012	usbhub - ok
12:29:50.0475 3012	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:29:50.0499 3012	usbohci - ok
12:29:50.0528 3012	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:29:50.0557 3012	usbprint - ok
12:29:50.0578 3012	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:29:50.0606 3012	USBSTOR - ok
12:29:50.0620 3012	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
12:29:50.0640 3012	usbuhci - ok
12:29:50.0668 3012	VClone          (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
12:29:50.0690 3012	VClone - ok
12:29:50.0728 3012	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:29:50.0743 3012	vdrvroot - ok
12:29:50.0768 3012	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:29:50.0782 3012	vga - ok
12:29:50.0794 3012	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:29:50.0834 3012	VgaSave - ok
12:29:50.0865 3012	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:29:50.0877 3012	vhdmp - ok
12:29:50.0894 3012	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:29:50.0903 3012	viaide - ok
12:29:50.0932 3012	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:29:50.0941 3012	volmgr - ok
12:29:50.0988 3012	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:29:51.0001 3012	volmgrx - ok
12:29:51.0021 3012	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:29:51.0033 3012	volsnap - ok
12:29:51.0064 3012	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:29:51.0075 3012	vsmraid - ok
12:29:51.0099 3012	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:29:51.0121 3012	vwifibus - ok
12:29:51.0138 3012	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:29:51.0155 3012	WacomPen - ok
12:29:51.0190 3012	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:29:51.0227 3012	WANARP - ok
12:29:51.0241 3012	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:29:51.0270 3012	Wanarpv6 - ok
12:29:51.0299 3012	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:29:51.0308 3012	Wd - ok
12:29:51.0333 3012	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:29:51.0350 3012	Wdf01000 - ok
12:29:51.0376 3012	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:29:51.0406 3012	WfpLwf - ok
12:29:51.0422 3012	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:29:51.0431 3012	WIMMount - ok
12:29:51.0485 3012	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:29:51.0508 3012	WinUsb - ok
12:29:51.0526 3012	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:29:51.0538 3012	WmiAcpi - ok
12:29:51.0557 3012	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:29:51.0595 3012	ws2ifsl - ok
12:29:51.0635 3012	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:29:51.0674 3012	WudfPf - ok
12:29:51.0705 3012	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:29:51.0742 3012	WUDFRd - ok
12:29:51.0760 3012	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:29:51.0870 3012	\Device\Harddisk0\DR0 - ok
12:29:51.0874 3012	Boot (0x1200)   (1b20caf158eaad23477aa9a8317139d0) \Device\Harddisk0\DR0\Partition0
12:29:51.0875 3012	\Device\Harddisk0\DR0\Partition0 - ok
12:29:51.0876 3012	============================================================
12:29:51.0877 3012	Scan finished
12:29:51.0877 3012	============================================================
12:29:51.0892 2804	Detected object count: 1
12:29:51.0892 2804	Actual detected object count: 1
12:48:39.0029 2804	sptd ( LockedFile.Multi.Generic ) - skipped by user
12:48:39.0029 2804	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
12:48:58.0474 4036	Deinitialize success
         

Noch kurz ein Hinweis: Ich werde berufsbedingt die nächsten Tage unterwegs sein, und kann deswegen nicht sofort reagieren wenn Du mir den nächsten Schritt schickst. Ich habe hier im Forum gesehen, dass Mandate nach 3 Tagen ohne Rückmeldung niedergelegt werden, und wollte Dich bitten, dies in diesem Fall nicht zu tun. Du kannst mir einfach den nächsten Schritt hier posten und ich werde ihn spätestens nächstes Wochenende ausführen.

Vielen Dank!

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Okay, Combofix ausgeführt und das hier ist die logdatei:

Code: Alles auswählenAufklappen

ATTFilter

Combofix Logfile:

	
Code: 

Alles auswählenAufklappen 
ATTFilter

  
	
ComboFix 12-01-06.03 - garry 07.01.2012  15:35:22.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3263.2163 [GMT 1:00]
ausgeführt von:: c:\users\garry\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\garry\AppData\Roaming\dwlGina3.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-07 bis 2012-01-07  ))))))))))))))))))))))))))))))
.
.
2012-01-07 14:39 . 2012-01-07 14:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-07 14:26 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{09363A2A-5C9F-477C-8AD3-440C0B63060B}\mpengine.dll
2011-12-30 03:03 . 2011-12-30 03:03	--------	d-----w-	c:\program files (x86)\ESET
2011-12-30 02:03 . 2011-12-30 02:03	--------	d-----w-	c:\users\garry\AppData\Roaming\Malwarebytes
2011-12-30 02:00 . 2011-12-30 02:00	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-30 02:00 . 2011-12-30 02:00	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-30 02:00 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-27 09:09 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2011-12-27 09:09 . 2011-12-27 03:47	--------	d-----w-	C:\_OTL
2011-12-26 07:10 . 2011-12-26 07:23	--------	d-----w-	C:\Malwarebytes' Anti-Malware
2011-12-25 16:12 . 2011-12-25 19:44	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2011-12-18 19:36 . 2011-12-18 19:36	--------	d-----w-	c:\windows\system32\Macromed
2011-12-16 21:37 . 2011-11-24 04:52	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-12-16 21:37 . 2011-10-15 06:31	723456	----a-w-	c:\windows\system32\EncDec.dll
2011-12-16 21:37 . 2011-10-15 05:38	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-16 21:37 . 2011-11-05 05:32	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-16 21:37 . 2011-11-05 04:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 19:38 . 2011-06-12 11:32	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 13:29 . 2010-03-20 17:39	270720	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files (x86)\PPStream\ppsap.exe" [2010-02-24 214408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-05 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-12 281768]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-05 136360]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe
AddRemove-Winamp Toolbar - c:\program files (x86)\Winamp Toolbar\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1749393697-2492884230-3525210288-1000\Software\SecuROM\License information*]
"datasecu"=hex:70,46,99,c5,fa,c7,d6,2c,b3,21,50,40,ef,d9,7e,1d,66,61,11,2e,96,
   91,70,eb,47,d6,29,60,35,94,6b,f9,1c,c2,d4,9a,50,88,9e,29,50,04,fa,b4,d3,90,\
"rkeysecu"=hex:aa,2d,c4,ca,c2,6d,a1,98,6f,68,f0,2b,73,62,35,0c
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\IoctlSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-07  15:44:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-07 14:44
.
Vor Suchlauf: 18 Verzeichnis(se), 389.597.216.768 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 389.068.849.152 Bytes frei
.
- - End Of File - - 918620FEBCD4DDA0CA49433624D43CE9
         
 
--- --- ---
         

Was jetzt?

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Hier die Logdatei:

Code: Alles auswählenAufklappen

ATTFilter

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-07 17:03:46
-----------------------------
17:03:46.633    OS Version: Windows x64 6.1.7601 Service Pack 1
17:03:46.636    Number of processors: 2 586 0x170A
17:03:46.637    ComputerName: LARRY  UserName: garry
17:03:49.314    Initialize success
17:06:28.138    AVAST engine defs: 12010700
17:09:41.641    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:09:41.644    Disk 0 Vendor: STM3500418AS CC35 Size: 476940MB BusType: 3
17:09:41.653    Disk 0 MBR read successfully
17:09:41.656    Disk 0 MBR scan
17:09:41.662    Disk 0 Windows 7 default MBR code
17:09:41.667    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476938 MB offset 2048
17:09:41.672    Service scanning
17:09:44.291    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:09:45.398    Modules scanning
17:09:45.403    Disk 0 trace - called modules:
17:09:45.423    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80033d92c0]<<
17:09:45.426    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800368f060]
17:09:45.430    3 CLASSPNP.SYS[fffff88001bcb43f] -> nt!IofCallDriver -> [0xfffffa8003517e40]
17:09:45.758    5 ACPI.sys[fffff880010447a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8003544060]
17:09:45.764    \Driver\atapi[0xfffffa80034ecd60] -> IRP_MJ_CREATE -> 0xfffffa80033d92c0
17:09:48.152    AVAST engine scan C:\Windows
17:09:52.813    AVAST engine scan C:\Windows\system32
17:11:47.494    AVAST engine scan C:\Windows\system32\drivers
17:12:00.456    AVAST engine scan C:\Users\garry
17:21:46.428    AVAST engine scan C:\ProgramData
17:23:11.112    Scan finished successfully
17:27:36.664    Disk 0 MBR has been saved successfully to "C:\Users\garry\Downloads\MBR.dat"
17:27:36.669    The log file has been saved successfully to "C:\Users\garry\Downloads\aswMBR.txt"
         

Kurz eine Frage: Wieviele Schritte sind es noch? Kannst Du mir kurz sagen, wonach wir eigentlich suchen? Vielen Dank!

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Malwarebytes Scan:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
garry :: LARRY [Administrator]

Schutz: Aktiviert

07.01.2012 20:18:57
mbam-log-2012-01-07 (20-18-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 370549
Laufzeit: 44 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

SASW log:

Code: Alles auswählenAufklappen

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/07/2012 at 09:21 PM

Application Version : 5.0.1142

Core Rules Database Version : 8112
Trace Rules Database Version: 5924

Scan type       : Quick Scan
Total Scan Time : 00:09:59

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 550
Memory threats detected   : 0
Registry items scanned    : 61305
Registry threats detected : 0
File items scanned        : 28358
File threats detected     : 426

Adware.Tracking Cookie
	C:\Users\garry\AppData\Roaming\Microsoft\Windows\Cookies\M1C0K6UZ.txt [ /2o7.net ]
	C:\Users\garry\AppData\Roaming\Microsoft\Windows\Cookies\VG2D09JU.txt [ /atdmt.com ]
	C:\Users\garry\AppData\Roaming\Microsoft\Windows\Cookies\REFAT3GM.txt [ /questionmarket.com ]
	C:\Users\garry\AppData\Roaming\Microsoft\Windows\Cookies\EP45TYQQ.txt [ /c.atdmt.com ]
	C:\Users\garry\AppData\Roaming\Microsoft\Windows\Cookies\E8T9GQKN.txt [ /doubleclick.net ]
	C:\Users\garry\AppData\Roaming\Microsoft\Windows\Cookies\QYIN0OVB.txt [ /mediav.com ]
	C:\Users\garry\AppData\Roaming\Microsoft\Windows\Cookies\ZMYE3S63.txt [ /microsoftwllivemkt.112.2o7.net ]
	C:\USERS\GARRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\VAL06FFD.txt [ Cookie:garry@2o7.net/ ]
	C:\USERS\GARRY\AppData\Roaming\Microsoft\Windows\Cookies\Low\WX79CELJ.txt [ Cookie:garry@atdmt.com/ ]
	C:\USERS\GARRY\Cookies\M1C0K6UZ.txt [ Cookie:garry@2o7.net/ ]
	C:\USERS\GARRY\Cookies\VG2D09JU.txt [ Cookie:garry@atdmt.com/ ]
	C:\USERS\GARRY\Cookies\REFAT3GM.txt [ Cookie:garry@questionmarket.com/ ]
	C:\USERS\GARRY\Cookies\EP45TYQQ.txt [ Cookie:garry@c.atdmt.com/ ]
	C:\USERS\GARRY\Cookies\E8T9GQKN.txt [ Cookie:garry@doubleclick.net/ ]
	C:\USERS\GARRY\Cookies\QYIN0OVB.txt [ Cookie:garry@mediav.com/ ]
	.doubleclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	adserver.adreactor.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	lyricfind.rotator.hadj7.adjuggler.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	lyricfind.rotator.hadj7.adjuggler.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	lyricfind.rotator.hadj7.adjuggler.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	lyricfind.rotator.hadj7.adjuggler.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	lyricfind.rotator.hadj7.adjuggler.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ads.247activemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	adsrv1.admediate.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.leylines.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.leylines.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.leylines.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.leylines.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.autoscout24.112.2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.adition.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	medianac.nacamar.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.germanwings.112.2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.opodo.122.2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	airfrance.bannerfactory.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.a.revenuemax.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tracking.mindshare.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.content.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.ad-track.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ads.adxvalue.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.adserver01.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.pmu3.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.pmu3.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.pmu3.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.pmu3.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.openstat.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.spylog.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	webclickmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	webclickengine.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.sfr.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.sfr.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.sfr.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.sfr.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	adserver2.clipkit.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.viacom.adbureau.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.viacom.adbureau.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.viacom.adbureau.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adlegend.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adlegend.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ad-emea.doubleclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ad-emea.doubleclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ad-emea.doubleclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	tracking.mlsat02.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.at.atwola.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.blogads.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.blogads.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.olympiaverlag.122.2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
         

ESET scan

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35f9a08f42ac7f40949d4756a8bcd331
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-30 04:23:46
# local_time=2011-12-30 05:23:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 0 61754917 1103 0
# compatibility_mode=5893 16776573 100 94 0 76844311 0 0
# compatibility_mode=8192 67108863 100 0 3879 3879 0 0
# compatibility_mode=9217 16777214 75 66 11297271 27175163 0 0
# scanned=215441
# found=18
# cleaned=0
# scan_time=4565
C:\Program Files (x86)\AskTBar\bar\1.bin\A5POPSWT.DLL	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Users\garry\AppData\Local\Temp\NERO14992\Toolbar.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
C:\Users\garry\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe	a variant of Win32/SweetIM.B application (unable to clean)	00000000000000000000000000000000	I
C:\Users\garry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\358d72cc-4ecd8dc1	Java/Exploit.CVE-2011-3544.L trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\garry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\150cad71-34025faa	Java/Exploit.CVE-2011-3544.L trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\garry\Downloads\freeripmp3.61-setup.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\garry\Downloads\SoftonicDownloader_fuer_magix-mp3-maker.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\garry\Downloads\SweetImSetup.exe	a variant of Win32/SweetIM.B application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\40094e8.msi	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35f9a08f42ac7f40949d4756a8bcd331
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 10:38:10
# local_time=2012-01-07 11:38:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 0 62512229 21902 0
# compatibility_mode=5893 16776573 100 94 27601 77601623 0 0
# compatibility_mode=8192 67108863 100 0 761191 761191 0 0
# scanned=201068
# found=14
# cleaned=0
# scan_time=4117
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Users\garry\Downloads\freeripmp3.61-setup.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\garry\Downloads\SoftonicDownloader_fuer_magix-mp3-maker.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\garry\Downloads\SweetImSetup.exe	a variant of Win32/SweetIM.B application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\40094e8.msi	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\12312011_192216\C_Program Files (x86)\AskTBar\bar\1.bin\A5POPSWT.DLL	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
         

Was jetzt?

Da sind nur Cookies und ein paar Adware-Reste.
Löschen wir mit OTL

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":Files" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:Files
C:\Program Files (x86)\Common Files\Spigot
C:\Users\garry\Downloads\freeripmp3.61-setup.exe
C:\Users\garry\Downloads\SoftonicDownloader*
C:\Users\garry\Downloads\SweetImSetup.exe
:Commands
[emptytemp]
[resethosts]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Okay, fix in OTL durchgeführt. Hier das log:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== FILES ==========
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Users\garry\Downloads\freeripmp3.61-setup.exe moved successfully.
C:\Users\garry\Downloads\SoftonicDownloader_fuer_magix-mp3-maker.exe moved successfully.
C:\Users\garry\Downloads\SweetImSetup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: garry
->Temp folder emptied: 176296710 bytes
->Temporary Internet Files folder emptied: 50370571 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 116449226 bytes
->Flash cache emptied: 3255 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 327,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01082012_033454

Files\Folders moved on Reboot...
C:\Users\garry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Was jetzt?

Ok der Rest wurde auch entfernt. Den Ornder C:\_OTL kannst du jetzt meinetwegen auch löschen
Rechner soweit wieder im Lot?

Hallo Arne,

soweit ich es überblicken kann, ist der Rechner jetzt wieder in Ordnung. Ich habe es geschafft, die Desktop Icons wiederbekommen (durch eigene Recherche), und der Task Manager ist auch nicht mehr gesperrt. Ich habe noch nicht alle Programme wieder ausprobiert, aber das wichtigste war ja, erstmal wieder Zugriff auf den Rechner zu bekommen.

Abschließend möchte ich noch sagen, dass ich es wirklich fantastisch finde, dass ihr mir und anderen Computergeplagten hier quasi umsonst aus der Patsche helft! Ich hätte mich über ein wenig mehr Kommunikation gefreut (also dass auch auf meine Fragen mehr eingegangen wird und sie vielleicht auch mal beantwortet werden), aber da ihr sehr viele Anfragen bekommt kann ich schon verstehen, dass dies hier kein Chat ist sondern ein Forum wo einem geholfen wird (auch wenn man nachher nicht wirklich nachvollziehen kann was am Anfang mit dem Rechner schief gelaufen ist oder was genau gemacht wurde um das Problem zu beheben). Auf jeden Fall läuft mein Rechner jetzt wieder, und ich werde jetzt alle Dateien sichern bevor es weitergeht.

Danke nochmal an Dich!

Vielleicht noch eine kurze Frage zum Abschluss: Was soll ich mit den Programmen machen, die ich im Zuge unserer Rettungsaktion auf den Computer geladen habe (Malwarebytes, SASW, ESET ...)? Soll ich die genauso löschen wie OTL?

Beste Grüße,
Doppelgrunz

Zitat:

Ich hätte mich über ein wenig mehr Kommunikation gefreut

Ich beantworte immer Fragen wenn ich das kann aber sowas mach ich wirklich nicht gerne in einer laufenden Bereinigung weil man dann immer wieder vom Thema wegkommt. Ich hab das anfangs mal gemacht aber mittlerweile nicht mehr. Fragen beantowrte ich wenn man soweit durch ist.

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.