
Pests of all kinds and how to fight them: Mediashifting.com with TR/Sirefef.J.637

17.01.2012, 16:47   #16
F0ggy
 



ComboFix.txt Log:
Code:
ComboFix 12-01-17.01 - *** 17.01.2012  16:15:17.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3071.1953 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20101105114011.log
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico
c:\users\***\AppData\Local\46f8b494\U\00000001.@
c:\users\***\AppData\Local\46f8b494\U\000000c0.@
c:\users\***\AppData\Local\46f8b494\U\000000cb.@
c:\users\***\AppData\Local\46f8b494\U\000000cf.@
c:\users\***\AppData\Local\46f8b494\U\800000c0.@
c:\users\***\AppData\Local\46f8b494\U\800000cb.@
c:\users\***\AppData\Local\46f8b494\U\800000cf.@
c:\users\***\AppData\Local\assembly\tmp
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8A0F366F-CDC6-4F7B-8FD2-863C6668E9C7}.xps
c:\users\***\AppData\Roaming\Local
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Wolken.divx
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Wolken.divx.ddr
c:\windows\$NtUninstallKB3475$\1190704276\@
c:\windows\$NtUninstallKB3475$\1190704276\L\xadqgnnk
c:\windows\$NtUninstallKB3475$\1190704276\loader.tlb
c:\windows\$NtUninstallKB3475$\1190704276\U\@00000001
c:\windows\$NtUninstallKB3475$\1190704276\U\@000000c0
c:\windows\$NtUninstallKB3475$\1190704276\U\@000000cb
c:\windows\$NtUninstallKB3475$\1190704276\U\@000000cf
c:\windows\$NtUninstallKB3475$\1190704276\U\@80000000
c:\windows\$NtUninstallKB3475$\1190704276\U\@800000c0
c:\windows\$NtUninstallKB3475$\1190704276\U\@800000cb
c:\windows\$NtUninstallKB3475$\1190704276\U\@800000cf
c:\windows\$NtUninstallKB3475$\4235332216
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\isdrv120.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
E:\install.exe
F:\install.exe
c:\windows\$NtUninstallKB3475$ . . . . Nicht in der Lage zu löschen
.
c:\windows\system32\drivers\netbt.sys fehlte 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvidesm
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-17 bis 2012-01-17  ))))))))))))))))))))))))))))))
.
.
2012-01-17 15:26 . 2012-01-17 15:29	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-01-15 08:24 . 2012-01-15 08:24	--------	d-----w-	c:\program files\ESET
2012-01-14 14:21 . 2012-01-14 14:21	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-01-14 14:21 . 2012-01-14 14:21	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-14 14:21 . 2012-01-14 14:21	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-14 14:21 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-13 22:58 . 2012-01-13 22:58	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-01-13 22:55 . 2012-01-17 14:56	0	--sha-w-	c:\windows\system32\dds_log_trash.cmd
2012-01-13 22:53 . 2012-01-15 19:43	--------	d-sh--w-	c:\users\***\AppData\Local\46f8b494
2012-01-13 12:35 . 2012-01-13 12:35	--------	d-----w-	c:\programdata\MemeoCommon
2012-01-13 08:45 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9029A33-9E76-42FE-B42C-7947F8EFB9F5}\mpengine.dll
2012-01-12 18:14 . 2012-01-12 18:14	--------	d-----w-	c:\users\***\riotsGamesLogs
2012-01-12 18:14 . 2012-01-12 18:14	--------	d-----w-	c:\users\***\AppData\Roaming\LolClient
2012-01-12 14:44 . 2008-07-12 07:18	467984	----a-w-	c:\windows\system32\d3dx10_39.dll
2012-01-12 14:44 . 2008-07-12 07:18	1493528	----a-w-	c:\windows\system32\D3DCompiler_39.dll
2012-01-12 14:44 . 2008-07-12 07:18	3851784	----a-w-	c:\windows\system32\D3DX9_39.dll
2012-01-12 14:13 . 2012-01-12 19:58	--------	d-----w-	c:\users\***\AppData\Local\PMB Files
2012-01-12 14:13 . 2012-01-12 19:58	--------	d-----w-	c:\programdata\PMB Files
2012-01-12 14:12 . 2012-01-12 14:12	--------	d-----w-	c:\program files\Pando Networks
2012-01-11 19:07 . 2011-11-17 05:38	1288472	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 19:07 . 2011-11-19 14:01	67072	----a-w-	c:\windows\system32\packager.dll
2012-01-11 19:07 . 2011-10-26 04:32	514560	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 19:07 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 18:51 . 2012-01-11 18:51	249856	------w-	c:\windows\Setup1.exe
2012-01-11 18:51 . 2012-01-11 18:51	73216	----a-w-	c:\windows\ST6UNST.EXE
2012-01-10 22:39 . 2012-01-10 22:39	--------	d-----w-	c:\program files\Wondershare
2012-01-08 18:40 . 2012-01-08 18:40	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-08 18:40 . 2012-01-08 18:40	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-08 18:40 . 2012-01-08 18:40	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-08 18:40 . 2012-01-08 18:40	43992	----a-w-	c:\program files\Mozilla Firefox\mozutils.dll
2012-01-07 12:18 . 2012-01-13 13:52	--------	d-----w-	c:\users\***\AppData\Roaming\MediaMonkey
2012-01-06 16:53 . 2012-01-06 16:53	--------	d-----w-	c:\users\***\AppData\Roaming\Microsoft Robocopy GUI
2012-01-06 16:53 . 2012-01-06 16:53	--------	d-----w-	c:\program files\Microsoft
2011-12-24 10:53 . 2011-12-24 10:53	--------	d-----w-	c:\users\***\AppData\Roaming\Memeo
2011-12-24 10:52 . 2011-12-24 10:52	--------	d-----w-	c:\program files\Common Files\Memeo
2011-12-24 10:52 . 2011-12-24 10:52	--------	d-----w-	c:\program files\Memeo
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-13 22:54 . 2011-05-19 09:55	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-22 17:31 . 2010-07-08 14:30	16400	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2011-12-08 13:46 . 2011-10-29 22:53	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-24 04:25 . 2011-12-16 08:51	2342912	----a-w-	c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2009-10-25 16:06	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-11-10 17:40 . 2011-11-10 17:40	768848	----a-w-	c:\windows\system32\msvcr100.dll
2011-11-10 17:40 . 2011-11-10 17:40	421200	----a-w-	c:\windows\system32\msvcp100.dll
2011-11-05 04:26 . 2011-12-16 08:51	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-16 13:45	1798144	----a-w-	c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-16 13:45	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-16 13:45	1127424	----a-w-	c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-16 13:45	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-31 10:22 . 2011-03-07 11:44	4659712	----a-w-	c:\windows\system32\Redemption.dll
2011-10-31 10:22 . 2011-10-31 10:22	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-10-31 10:22 . 2011-10-31 10:22	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-10-31 10:22 . 2011-10-31 10:22	30568	----a-w-	c:\windows\MusiccityDownload.exe
2011-10-31 10:22 . 2011-03-05 15:12	821824	----a-w-	c:\windows\system32\dgderapi.dll
2011-10-27 01:25 . 2011-11-26 11:19	98560	----a-w-	c:\windows\system32\drivers\sscebus.sys
2011-10-27 01:25 . 2011-11-26 11:19	14848	----a-w-	c:\windows\system32\drivers\sscemdfl.sys
2011-10-27 01:25 . 2011-11-26 11:19	12416	----a-w-	c:\windows\system32\drivers\sscecmnt.sys
2011-10-27 01:25 . 2011-11-26 11:19	12416	----a-w-	c:\windows\system32\drivers\sscecm.sys
2011-10-27 01:25 . 2011-11-26 11:19	123648	----a-w-	c:\windows\system32\drivers\sscemdm.sys
2011-10-27 01:25 . 2011-11-26 11:19	12288	----a-w-	c:\windows\system32\drivers\sscewhnt.sys
2011-10-27 01:25 . 2011-11-26 11:19	12288	----a-w-	c:\windows\system32\drivers\sscewh.sys
2011-10-27 01:25 . 2011-11-26 11:19	100352	----a-w-	c:\windows\system32\drivers\ssceserd.sys
2011-10-26 04:47 . 2011-12-16 08:51	3967856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47 . 2011-12-16 08:51	3912560	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-26 04:28 . 2011-12-16 08:51	38912	----a-w-	c:\windows\system32\csrsrv.dll
2012-01-08 18:40 . 2011-04-24 08:49	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23	1385864	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrokeIt"="c:\program files\System\StrokeIt\StrokeIt.exe" [2009-06-16 24712]
"Dexpot"="c:\program files\Dexpot\dexpot.exe" [2011-11-08 1421312]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-02 935312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power Manager"="c:\program files\Gembird\Power Manager\pm.exe" [2010-12-09 10043392]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-06 7772704]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2011-11-10 1993728]
speedfan.lnk - c:\program files\System\SpeedFan\speedfan.exe [2009-11-25 4009592]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Virtual Router Manager.lnk - c:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29	64592	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
R2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-12-08 342480]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-19 463824]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [2011-05-24 22464]
R3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-19 101904]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 Cap7146_DVB;Cinergy 1200 DVB-S Capture (BDA);c:\windows\system32\Drivers\TTCinCap.sys [2007-09-17 62976]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2011-03-07 29248]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2011-03-07 29248]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 23048]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-03-18 40912]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PTDVB;Cinergy 1200 DVB-S Tuner (BDA);c:\windows\system32\Drivers\TTCinTun.sys [2007-09-17 117120]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-01-30 205312]
R3 SCL01132;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01132.sys [2010-05-07 61824]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2011-10-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2011-10-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2011-10-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2011-10-27 100352]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\DRIVERS\wg121nd5.sys [2003-11-28 337216]
R4 SamsungAllShare;Samsung AllShare PC Service;c:\program files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [2011-05-24 7237024]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2010-04-18 110304]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 FileOpenManagerSvc;FileOpenManagerSvc;c:\programdata\FileOpen\Services\FileOpenManagerSvc32.exe [2011-03-09 212352]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-28 233472]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-15 25824]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-08-12 135616]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - NETBT
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
zpaction
qserver
nvidesm
gmer
nvatabus
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{3305EA17-9DD5-466B-BBBB-F59126F609D7}: NameServer = 192.168.0.1
TCP: Interfaces\{3ECBE26F-7263-4D95-808F-2A256DEA3283}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0y9dohzs.***\
FF - prefs.js: browser.startup.homepage - hxxp://www.schnaeppchenfuchs.com/blog/ | hxxp://www.sparbote.de/ | hxxp://www.google.de/ig | hxxp://beck-aktuell.beck.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
.
.
------- Dateityp-Verknüpfung -------
.
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{108A39BF-4ED1-4293-B11A-06BD521FB8F7} - c:\progra~2\TARMAI~1\{108A3~1\Setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-9 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
error: Read  Das Zeitlimit für die Semaphore wurde erreicht.
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3813850378-2622415271-2154893954-1000\Software\SecuROM\License information*]
"datasecu"=hex:20,02,7d,4e,1a,72,4e,43,03,6f,84,78,df,3a,86,ab,5f,67,f3,86,49,
   3b,a6,85,b9,d1,f0,ad,6d,cf,62,e4,ce,8a,ad,0c,d3,7c,96,3f,28,e2,cb,0d,fa,38,\
"rkeysecu"=hex:7d,4a,06,1d,e5,91,f6,40,e3,a3,db,77,c6,a2,25,08
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-17  16:33:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-17 15:33
.
Vor Suchlauf: 16 Verzeichnis(se), 36.661.063.680 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 37.031.071.744 Bytes frei
.
- - End Of File - - FCC252B91648D6BC2016450B0BEE0FA3
         

17.01.2012, 21:16   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Note: If you have obscured your user name, you must change the asterisked-out part back into your real user name, otherwise the script will not work!!

Code:
KillAll::
Dirlook::
c:\windows\system32\%APPDATA%

Filelook::
c:\windows\system32\ntdll.dll
c:\windows\Setup1.exe
c:\windows\ST6UNST.EXE

File::
c:\windows\system32\dds_log_trash.cmd

Folder::
c:\users\***\AppData\Local\46f8b494
c:\program files\Ask.com
c:\windows\$NtUninstallKB3475$

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

NetSvc::
zpaction
qserver
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

17.01.2012, 23:49   #18
F0ggy
 



Code:
ComboFix 12-01-17.01 - *** 17.01.2012  23:12:46.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3071.2060 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\dds_log_trash.cmd"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cb_940.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_633.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\users\***\AppData\Local\46f8b494
c:\users\***\AppData\Local\46f8b494\@
c:\users\***\AppData\Local\46f8b494\loader.tlb
c:\users\***\AppData\Local\46f8b494\X
c:\users\***\AppData\Local\Temp\sfamcc00001.dll
c:\users\***\AppData\Local\Temp\sfareca00001.dll
c:\windows\$NtUninstallKB3475$
c:\windows\system32\dds_log_trash.cmd
.
c:\windows\system32\drivers\Serial.sys fehlte 
Kopie von - c:\windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-17 bis 2012-01-17  ))))))))))))))))))))))))))))))
.
.
2012-01-17 22:21 . 2012-01-17 22:23	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-01-17 22:21 . 2012-01-17 22:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-17 22:21 . 2009-07-13 23:45	83456	----a-w-	c:\windows\system32\drivers\Serial.sys
2012-01-17 15:26 . 2009-07-13 23:12	187904	----a-w-	c:\windows\system32\drivers\netbt.sys
2012-01-17 15:11 . 2009-07-13 23:11	53760	----a-w-	c:\windows\system32\drivers\intelppm.sys
2012-01-16 08:41 . 2011-11-17 05:41	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-01-16 08:41 . 2011-11-17 05:39	369352	----a-w-	c:\windows\system32\drivers\cng.sys
2012-01-16 08:41 . 2011-11-17 05:34	224768	----a-w-	c:\windows\system32\schannel.dll
2012-01-16 08:41 . 2011-11-17 05:32	1038848	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-16 08:41 . 2011-11-17 05:41	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-16 08:41 . 2011-11-17 05:35	314880	----a-w-	c:\windows\system32\webio.dll
2012-01-16 08:41 . 2011-11-17 05:34	15872	----a-w-	c:\windows\system32\sspisrv.dll
2012-01-16 08:41 . 2011-11-17 05:34	100352	----a-w-	c:\windows\system32\sspicli.dll
2012-01-16 08:41 . 2011-11-17 05:34	22016	----a-w-	c:\windows\system32\secur32.dll
2012-01-16 08:41 . 2011-11-17 05:29	22528	----a-w-	c:\windows\system32\lsass.exe
2012-01-15 08:24 . 2012-01-15 08:24	--------	d-----w-	c:\program files\ESET
2012-01-14 14:21 . 2012-01-14 14:21	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-01-14 14:21 . 2012-01-14 14:21	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-14 14:21 . 2012-01-14 14:21	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-14 14:21 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-13 22:58 . 2012-01-13 22:58	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-01-13 12:35 . 2012-01-13 12:35	--------	d-----w-	c:\programdata\MemeoCommon
2012-01-13 08:45 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9029A33-9E76-42FE-B42C-7947F8EFB9F5}\mpengine.dll
2012-01-12 18:14 . 2012-01-12 18:14	--------	d-----w-	c:\users\***\riotsGamesLogs
2012-01-12 18:14 . 2012-01-12 18:14	--------	d-----w-	c:\users\***\AppData\Roaming\LolClient
2012-01-12 14:44 . 2008-07-12 07:18	467984	----a-w-	c:\windows\system32\d3dx10_39.dll
2012-01-12 14:44 . 2008-07-12 07:18	1493528	----a-w-	c:\windows\system32\D3DCompiler_39.dll
2012-01-12 14:44 . 2008-07-12 07:18	3851784	----a-w-	c:\windows\system32\D3DX9_39.dll
2012-01-12 14:13 . 2012-01-12 19:58	--------	d-----w-	c:\users\***\AppData\Local\PMB Files
2012-01-12 14:13 . 2012-01-12 19:58	--------	d-----w-	c:\programdata\PMB Files
2012-01-12 14:12 . 2012-01-12 14:12	--------	d-----w-	c:\program files\Pando Networks
2012-01-11 19:07 . 2011-11-17 05:38	1288472	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 19:07 . 2011-11-19 14:01	67072	----a-w-	c:\windows\system32\packager.dll
2012-01-11 19:07 . 2011-10-26 04:32	514560	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 19:07 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 18:51 . 2012-01-11 18:51	249856	------w-	c:\windows\Setup1.exe
2012-01-11 18:51 . 2012-01-11 18:51	73216	----a-w-	c:\windows\ST6UNST.EXE
2012-01-10 22:39 . 2012-01-10 22:39	--------	d-----w-	c:\program files\Wondershare
2012-01-08 18:40 . 2012-01-08 18:40	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-08 18:40 . 2012-01-08 18:40	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-08 18:40 . 2012-01-08 18:40	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-08 18:40 . 2012-01-08 18:40	43992	----a-w-	c:\program files\Mozilla Firefox\mozutils.dll
2012-01-07 12:18 . 2012-01-13 13:52	--------	d-----w-	c:\users\***\AppData\Roaming\MediaMonkey
2012-01-06 16:53 . 2012-01-06 16:53	--------	d-----w-	c:\users\***\AppData\Roaming\Microsoft Robocopy GUI
2012-01-06 16:53 . 2012-01-06 16:53	--------	d-----w-	c:\program files\Microsoft
2011-12-24 10:53 . 2011-12-24 10:53	--------	d-----w-	c:\users\***\AppData\Roaming\Memeo
2011-12-24 10:52 . 2011-12-24 10:52	--------	d-----w-	c:\program files\Common Files\Memeo
2011-12-24 10:52 . 2011-12-24 10:52	--------	d-----w-	c:\program files\Memeo
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-13 22:54 . 2011-05-19 09:55	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-22 17:31 . 2010-07-08 14:30	16400	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2011-12-08 13:46 . 2011-10-29 22:53	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-24 04:25 . 2011-12-16 08:51	2342912	----a-w-	c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2009-10-25 16:06	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-11-10 17:40 . 2011-11-10 17:40	768848	----a-w-	c:\windows\system32\msvcr100.dll
2011-11-10 17:40 . 2011-11-10 17:40	421200	----a-w-	c:\windows\system32\msvcp100.dll
2011-11-05 04:26 . 2011-12-16 08:51	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-16 13:45	1798144	----a-w-	c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-16 13:45	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-16 13:45	1127424	----a-w-	c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-16 13:45	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-31 10:22 . 2011-03-07 11:44	4659712	----a-w-	c:\windows\system32\Redemption.dll
2011-10-31 10:22 . 2011-10-31 10:22	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-10-31 10:22 . 2011-10-31 10:22	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-10-31 10:22 . 2011-10-31 10:22	30568	----a-w-	c:\windows\MusiccityDownload.exe
2011-10-31 10:22 . 2011-03-05 15:12	821824	----a-w-	c:\windows\system32\dgderapi.dll
2011-10-27 01:25 . 2011-11-26 11:19	98560	----a-w-	c:\windows\system32\drivers\sscebus.sys
2011-10-27 01:25 . 2011-11-26 11:19	14848	----a-w-	c:\windows\system32\drivers\sscemdfl.sys
2011-10-27 01:25 . 2011-11-26 11:19	12416	----a-w-	c:\windows\system32\drivers\sscecmnt.sys
2011-10-27 01:25 . 2011-11-26 11:19	12416	----a-w-	c:\windows\system32\drivers\sscecm.sys
2011-10-27 01:25 . 2011-11-26 11:19	123648	----a-w-	c:\windows\system32\drivers\sscemdm.sys
2011-10-27 01:25 . 2011-11-26 11:19	12288	----a-w-	c:\windows\system32\drivers\sscewhnt.sys
2011-10-27 01:25 . 2011-11-26 11:19	12288	----a-w-	c:\windows\system32\drivers\sscewh.sys
2011-10-27 01:25 . 2011-11-26 11:19	100352	----a-w-	c:\windows\system32\drivers\ssceserd.sys
2011-10-26 04:47 . 2011-12-16 08:51	3967856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47 . 2011-12-16 08:51	3912560	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-26 04:28 . 2011-12-16 08:51	38912	----a-w-	c:\windows\system32\csrsrv.dll
2012-01-08 18:40 . 2011-04-24 08:49	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\Setup1.exe ---
Company: Microsoft Corporation
File Description: Visual Basic 6.0 Setup Toolkit
File Version: 6.00.8804
Product Name: Visual Basic
Copyright: Copyright (C) 1987-1999 Microsoft Corporation
Original Filename: setup1.exe
File size: 249856
Created time: 2012-01-11 18:51
Modified time: 2012-01-11 18:51
MD5: B9917FC4C836776765E311FFF84DD534
SHA1: 63CF6B3992F2058F6A5995293E1017627569F8B5
.
.
--- c:\windows\ST6UNST.EXE ---
Company: Microsoft Corporation
File Description: Visual Basic Setup Toolkit Uninstaller
File Version: 6.00.8450
Product Name: Microsoft® Visual Basic for Windows
Copyright: Copyright © 1987-1998 Microsoft Corp.
Original Filename: ST6UNST.DLL
File size: 73216
Created time: 2012-01-11 18:51
Modified time: 2012-01-11 18:51
MD5: D422839C99927DB561F5C019643EACEC
SHA1: E6C1322BAEBF818092AF991DE744EA1081CFD062
.
.
--- c:\windows\system32\ntdll.dll ---
Company: Microsoft Corporation
File Description: DLL für NT-Layer
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: ntdll.dll.mui
File size: 1288472
Created time: 2012-01-11 19:07
Modified time: 2011-11-17 05:38
MD5: C30A91ADE8C9CB91E4281EC83C4500C6
SHA1: 3FE149A00C11D1E57C32D2DED51EA9737514814B
.
---- Directory of c:\windows\system32\%APPDATA% ----
.
2012-01-13 22:58 . 2012-01-17 14:59	16384	--sha-w-	c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrokeIt"="c:\program files\System\StrokeIt\StrokeIt.exe" [2009-06-16 24712]
"Dexpot"="c:\program files\Dexpot\dexpot.exe" [2011-11-08 1421312]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-02 935312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power Manager"="c:\program files\Gembird\Power Manager\pm.exe" [2010-12-09 10043392]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-06 7772704]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2011-11-10 1993728]
speedfan.lnk - c:\program files\System\SpeedFan\speedfan.exe [2009-11-25 4009592]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Virtual Router Manager.lnk - c:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29	64592	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
R2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-12-08 342480]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-19 463824]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [2011-05-24 22464]
R3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-19 101904]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 Cap7146_DVB;Cinergy 1200 DVB-S Capture (BDA);c:\windows\system32\Drivers\TTCinCap.sys [2007-09-17 62976]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2011-03-07 29248]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2011-03-07 29248]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 23048]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-03-18 40912]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PTDVB;Cinergy 1200 DVB-S Tuner (BDA);c:\windows\system32\Drivers\TTCinTun.sys [2007-09-17 117120]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-01-30 205312]
R3 SCL01132;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01132.sys [2010-05-07 61824]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2011-10-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2011-10-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2011-10-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2011-10-27 100352]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\DRIVERS\wg121nd5.sys [2003-11-28 337216]
R4 SamsungAllShare;Samsung AllShare PC Service;c:\program files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [2011-05-24 7237024]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2010-04-18 110304]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 FileOpenManagerSvc;FileOpenManagerSvc;c:\programdata\FileOpen\Services\FileOpenManagerSvc32.exe [2011-03-09 212352]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-28 233472]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-15 25824]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-08-12 135616]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
nvidesm
gmer
nvatabus
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{3305EA17-9DD5-466B-BBBB-F59126F609D7}: NameServer = 192.168.0.1
TCP: Interfaces\{3ECBE26F-7263-4D95-808F-2A256DEA3283}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0y9dohzs.***\
FF - prefs.js: browser.startup.homepage - hxxp://www.schnaeppchenfuchs.com/blog/ | hxxp://www.sparbote.de/ | hxxp://www.google.de/ig | hxxp://beck-aktuell.beck.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3813850378-2622415271-2154893954-1000\Software\SecuROM\License information*]
"datasecu"=hex:20,02,7d,4e,1a,72,4e,43,03,6f,84,78,df,3a,86,ab,5f,67,f3,86,49,
   3b,a6,85,b9,d1,f0,ad,6d,cf,62,e4,ce,8a,ad,0c,d3,7c,96,3f,28,e2,cb,0d,fa,38,\
"rkeysecu"=hex:7d,4a,06,1d,e5,91,f6,40,e3,a3,db,77,c6,a2,25,08
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-17  23:28:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-17 22:28
ComboFix2.txt  2012-01-17 15:33
.
Vor Suchlauf: 20 Verzeichnis(se), 36.950.355.968 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 36.869.816.320 Bytes frei
.
- - End Of File - - CDD1F2EFDD1F12B1B6E65DF97FBA483A
         
__________________

18.01.2012, 11:58   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

18.01.2012, 17:14   #20
F0ggy
 
Code:
ATTFilter
OTL logfile created on: 18.01.2012 17:00:08 - Run 5
OTL by OldTimer - Version 3.2.31.0     Folder = E:\Users\*** ***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,07% Memory free
5,99 Gb Paging File | 4,64 Gb Available in Paging File | 77,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 34,32 Gb Free Space | 34,32% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 65,32 Gb Free Space | 65,32% Space Free | Partition Type: NTFS
Drive E: | 415,75 Gb Total Space | 54,64 Gb Free Space | 13,14% Space Free | Partition Type: NTFS
Drive F: | 315,77 Gb Total Space | 213,96 Gb Free Space | 67,76% Space Free | Partition Type: NTFS
Drive H: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive S: | 465,76 Gb Total Space | 73,48 Gb Free Space | 15,78% Space Free | Partition Type: NTFS
 
Computer Name: ***-WIN7 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.14 10:27:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\Users\*** ***\Downloads\OTL.exe
PRC - [2011.10.19 16:03:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:02:32 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2011.03.09 05:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.03.09 05:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 10\cbService.exe
PRC - [2010.09.23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.11.25 14:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\System\SpeedFan\speedfan.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.08.05 13:11:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.08.05 13:10:58 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.08.05 13:10:56 | 000,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.18 16:54:36 | 000,192,512 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.01.18 16:54:36 | 000,172,032 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\sfareca00001.dll
MOD - [2012.01.11 20:39:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012.01.11 20:39:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011.10.26 17:51:11 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011.10.26 17:50:28 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011.10.26 17:50:23 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011.10.26 17:45:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011.10.26 17:45:29 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011.10.26 17:45:17 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011.10.26 17:45:16 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011.10.26 17:45:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.26 17:45:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.26 17:44:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.26 17:44:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.26 17:44:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.26 17:44:27 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.26 17:44:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.03.08 23:24:12 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.11.13 00:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.07.14 09:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 09:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2008.08.05 13:10:56 | 000,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (zpaction)
SRV - File not found [Auto | Stopped] --  -- (qserver)
SRV - File not found [Auto | Stopped] --  -- (nvatabus)
SRV - [2011.12.22 19:28:31 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.08 14:46:12 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.05.24 12:44:40 | 007,237,024 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe -- (SamsungAllShare)
SRV - [2011.05.24 12:44:30 | 000,022,464 | ---- | M] (Samsung Electronics) [Auto | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.03.09 05:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.23 16:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbService.exe -- (CobianBackup10)
SRV - [2010.09.23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010.07.16 17:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.05.06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.08 14:46:13 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.27 02:25:56 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2011.10.27 02:25:56 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2011.10.27 02:25:56 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2011.10.27 02:25:56 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2011.10.19 16:03:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:03:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.09 22:28:10 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.03.09 10:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.03.09 10:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.03.09 05:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.03.07 19:20:12 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfyMP)
DRV - [2011.03.07 19:20:12 | 000,029,248 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\connctfy.sys -- (connctfy)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.19 10:38:05 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.07.26 14:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.13 18:20:22 | 000,050,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010.05.07 11:19:28 | 000,061,824 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCL01132.sys -- (SCL01132)
DRV - [2010.04.26 10:48:36 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2010.04.18 21:06:43 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2010.04.07 09:51:20 | 000,171,240 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2010.04.06 17:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010.04.06 17:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010.04.06 17:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2010.03.18 10:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.03.18 10:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.09.11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.09.11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.09.11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.09.11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009.07.28 19:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.24 10:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.06.19 08:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2009.06.19 08:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 08:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 10:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.12 15:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2007.09.17 15:30:34 | 000,117,120 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinTun.sys -- (PTDVB) Cinergy 1200 DVB-S Tuner (BDA)
DRV - [2007.09.17 15:30:34 | 000,062,976 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinCap.sys -- (Cap7146_DVB) Cinergy 1200 DVB-S Capture (BDA)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.01.30 20:03:36 | 000,205,312 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007.01.15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.11.28 09:18:46 | 000,337,216 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg121nd5.sys -- (wg121)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 DB 84 9F 5E D3 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.07 19:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.07 19:37:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 19:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 09:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.30 10:44:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.19 10:10:52 | 000,000,000 | ---D | M]
 
[2010.05.12 22:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.12 22:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde}
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.01.10 20:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions
[2010.07.28 15:25:24 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.12.08 15:28:24 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.12.16 11:28:11 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.07.28 15:09:07 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.02.05 11:45:07 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.12.05 15:49:43 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.08.09 18:44:37 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011.01.07 19:44:58 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.12.18 18:32:12 | 000,000,000 | ---D | M] (AllowClipboard Helper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\{cda6db95-6aab-414b-803c-40cf34f589b5}
[2010.07.28 15:25:24 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\ctrl-tab@design-noir.de
[2010.11.18 23:20:12 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.11 10:37:26 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0y9dohzs.***\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.10.30 10:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5853x5o4.default\extensions
[2012.01.13 16:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\flyn4w34.Sicher\extensions
[2012.01.13 16:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\flyn4w34.Sicher\extensions\staged
[2010.07.24 11:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.10.30 10:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mc4baq90.default\extensions\toolbar@ask.com
[2011.11.22 22:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.08 19:40:56 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.24 11:21:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.01.08 19:40:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.08 19:40:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.08 19:40:51 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 19:40:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.30 10:31:38 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.01.08 19:40:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.08 19:40:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.17 23:21:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Power Manager] C:\Program Files\Gembird\Power Manager\pm.exe (Gembird Europe B.V.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dexpot] C:\Program Files\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [StrokeIt] C:\Program Files\System\StrokeIt\strokeit.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010.05.23 17:39:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk = C:\Program Files\System\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3305EA17-9DD5-466B-BBBB-F59126F609D7}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECBE26F-7263-4D95-808F-2A256DEA3283}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - H:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: nvidesm -  File not found
NetSvcs: gmer -  File not found
NetSvcs: nvatabus -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: prwntdrv - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: prwntdrv - Reg Error: Value error.
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - 
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled - 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.17 23:28:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.01.17 23:23:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.01.17 23:21:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2012.01.17 16:08:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.01.17 16:08:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.01.17 16:08:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.01.17 16:08:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.01.17 16:08:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.17 16:01:40 | 004,386,439 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.01.15 09:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.14 15:21:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.01.14 15:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.14 15:21:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.14 15:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.14 15:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.13 23:58:31 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.01.13 13:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2012.01.12 19:14:44 | 000,000,000 | ---D | C] -- C:\Users\***\riotsGamesLogs
[2012.01.12 19:14:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LolClient
[2012.01.12 15:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.01.12 15:13:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PMB Files
[2012.01.12 15:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.01.12 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012.01.11 19:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneEdit Dynamic Update Client
[2012.01.10 23:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Wondershare PDF Converter
[2012.01.10 23:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012.01.10 23:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2012.01.07 13:18:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2012.01.06 17:53:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft Robocopy GUI
[2012.01.06 17:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.01.05 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eidos
[2012.01.05 15:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
[2011.12.24 16:11:13 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_Music_Maker_17
[2011.12.24 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Music_Maker_17
[2011.12.24 11:53:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Memeo
[2011.12.24 11:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2011.12.24 11:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2011.12.24 11:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.18 17:02:13 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.18 17:02:13 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.18 16:54:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.18 16:54:02 | 2415,206,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.17 23:21:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.01.17 18:39:02 | 000,710,228 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.17 18:39:02 | 000,663,428 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.17 18:39:02 | 000,154,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.17 18:39:02 | 000,126,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.17 16:01:57 | 004,386,439 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.01.17 15:56:43 | 347,923,134 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.14 15:21:18 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.14 14:29:37 | 000,001,212 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.01.14 11:02:37 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\f61dpqf4.exe
[2012.01.14 10:39:21 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.13 13:19:33 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.12 15:44:38 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.01.10 23:39:16 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare PDF Converter.lnk
[2012.01.07 13:18:26 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.01.06 20:48:34 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2012.01.06 17:53:19 | 000,003,061 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Robocopy GUI.lnk
[2012.01.05 18:20:52 | 000,000,206 | ---- | M] () -- C:\Users\***\Desktop\Portal.url
[2011.12.25 18:05:49 | 000,491,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.24 16:10:19 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17.lnk
[2011.12.24 11:52:30 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.17 16:08:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.01.17 16:08:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.01.17 16:08:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.17 16:08:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.17 16:08:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.14 18:21:29 | 347,923,134 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.14 16:56:25 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\f61dpqf4.exe
[2012.01.14 15:21:18 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.14 10:39:21 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.12 15:44:38 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.01.10 23:39:16 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare PDF Converter.lnk
[2012.01.07 13:18:26 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.01.06 20:48:34 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp
[2012.01.06 17:53:19 | 000,003,061 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Robocopy GUI.lnk
[2012.01.06 17:53:19 | 000,003,021 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Robocopy GUI.lnk
[2012.01.05 18:20:52 | 000,000,206 | ---- | C] () -- C:\Users\***\Desktop\Portal.url
[2011.12.24 16:10:19 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Music Maker 17.lnk
[2011.12.24 11:52:30 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Memeo Instant Backup.lnk
[2011.11.18 16:47:37 | 000,000,079 | ---- | C] () -- C:\Users\***\AppData\Local\CrystalDiskMark30.ini
[2011.10.31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.28 21:17:58 | 000,140,024 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.28 21:17:35 | 000,280,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.04.28 21:17:26 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.24 11:52:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.19 15:51:24 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.14 18:06:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.26 17:31:01 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.02.01 23:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.01.23 23:39:45 | 000,000,053 | ---- | C] () -- C:\Windows\Eraser.INI
[2011.01.13 04:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.11.06 16:04:11 | 000,000,395 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.11.05 11:40:30 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2010.08.07 17:33:29 | 000,000,093 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.08.05 21:32:31 | 000,000,000 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010.08.04 18:14:43 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.07.12 12:37:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.07.12 12:37:55 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.07 16:28:58 | 000,001,099 | ---- | C] () -- C:\Users\***\AppData\Roaming\ShiftN.ini
[2010.04.19 20:44:09 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.04.19 20:43:48 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.04.18 20:42:50 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.06 17:33:10 | 000,025,864 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2010.04.03 11:20:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.04.02 12:37:20 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.27 17:24:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.03.05 11:52:53 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2010.01.30 14:54:38 | 000,007,600 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.01.28 19:44:10 | 000,069,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.28 19:39:23 | 000,001,212 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.10.26 21:15:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 09:47:43 | 000,710,228 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,154,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,491,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,663,428 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,126,378 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2004.08.13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.11.30 18:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\#Short company name#
[2010.05.12 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.pknowledge
[2010.07.23 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.01.21 19:29:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alle meine Passworte
[2010.06.07 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.05.26 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2010.03.28 00:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.02.11 11:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.03.22 17:24:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2010.05.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\conkeror.mozdev.org
[2010.08.14 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crazysoft
[2011.11.10 21:08:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.01.18 16:57:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dexpot
[2011.04.30 11:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.04.19 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileOpen
[2012.01.13 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.08.08 10:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2009.12.09 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.01.12 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.02.20 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoSetter
[2012.01.11 12:21:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2011.06.17 07:30:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2010.09.29 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grand Ages Rome
[2010.06.12 12:57:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2011.07.20 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.02.08 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.04.04 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JoJoThumb
[2011.06.14 08:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KRKsoft
[2010.03.28 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Langenscheidt
[2009.10.26 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.05.12 22:37:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingDIALOG
[2012.01.12 19:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2011.12.24 16:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.13 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2011.12.24 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Memeo
[2011.07.17 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.07.16 11:18:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBrainz
[2010.03.14 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2011.12.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2010.02.16 12:33:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.02.05 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Oloneo
[2010.08.17 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.04.23 10:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\performous
[2011.05.25 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD
[2011.03.23 21:29:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2010.03.31 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RidNacs
[2011.11.26 12:02:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.11.06 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2012.01.18 16:54:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spamihilator
[2009.10.25 20:44:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks
[2010.09.08 11:28:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.11.26 12:22:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2010.02.07 11:59:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec
[2010.04.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.07.30 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thomas Lippert
[2010.02.08 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.04.19 19:18:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.06.09 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.01.13 22:19:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TV-Browser
[2011.02.03 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2010.11.06 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
[2012.01.17 16:37:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.30 18:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\#Short company name#
[2010.05.12 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.pknowledge
[2011.04.19 10:11:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.07.23 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2010.01.21 19:29:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alle meine Passworte
[2010.06.07 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.05.03 20:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.04.24 11:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2010.05.26 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2011.10.29 23:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.03.28 00:12:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.02.11 11:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.03.22 17:24:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2010.05.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\conkeror.mozdev.org
[2010.01.28 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel
[2010.08.14 11:06:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crazysoft
[2010.03.05 12:13:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Creative
[2011.11.10 21:08:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.01.18 16:57:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dexpot
[2010.03.31 17:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2010.07.18 17:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.04.30 11:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.04.19 10:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileOpen
[2012.01.13 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.08.08 10:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2009.12.09 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.01.12 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.02.20 12:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoSetter
[2012.01.11 12:21:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2011.06.17 07:30:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2010.09.29 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Grand Ages Rome
[2010.06.12 12:57:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2011.07.20 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.10.21 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2009.10.21 17:02:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.04.17 14:13:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel Corporation
[2010.02.08 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.04.04 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JoJoThumb
[2011.06.14 08:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KRKsoft
[2010.03.28 17:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Langenscheidt
< End of report >
         


18.01.2012, 18:50   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the asterisked-out part back into your real user name, otherwise the script will not work!!

Code:
ATTFilter
:OTL
SRV - File not found [Auto | Stopped] --  -- (zpaction)
SRV - File not found [Auto | Stopped] --  -- (qserver)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.25 14:12:52 | 001,312,008 | R--- | M] (Rocksteady) - H:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.05.23 22:12:16 | 000,000,047 | R--- | M] () - H:\autorun.inf -- [ UDF ]
[2009.11.30 18:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\#Short company name#
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

18.01.2012, 19:09   #22
F0ggy

Code:
ATTFilter
All processes killed
========== OTL ==========
Service zpaction stopped successfully!
Service zpaction deleted successfully!
Service qserver stopped successfully!
Service qserver deleted successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. H:\autorun.exe scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
C:\Users\Nebel\AppData\Roaming\#Short company name#\#settings_subfolder#\Log folder moved successfully.
C:\Users\Nebel\AppData\Roaming\#Short company name#\#settings_subfolder#\Channels folder moved successfully.
C:\Users\Nebel\AppData\Roaming\#Short company name#\#settings_subfolder# folder moved successfully.
C:\Users\Nebel\AppData\Roaming\#Short company name# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nebel
->Temp folder emptied: 462848 bytes
->Temporary Internet Files folder emptied: 8918621 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 154420243 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 58342 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sebastian Nebel
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 156,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01182012_190137

Files\Folders moved on Reboot...
File\Folder H:\autorun.exe not found!
File\Folder H:\autorun.inf not found!

Registry entries deleted on Reboot...
         
I just noticed that the autorun files on drive H: were supposed to be deleted. There's still a DVD in there, so of course they can't be deleted.

18.01.2012, 20:10   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!




If, because of the infection, you cannot access your documents/My Documents folder, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

18.01.2012, 20:38   #24
F0ggy

Code:
ATTFilter
20:35:24.0887 1528	TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
20:35:25.0022 1528	============================================================
20:35:25.0022 1528	Current date / time: 2012/01/18 20:35:25.0022
20:35:25.0022 1528	SystemInfo:
20:35:25.0022 1528	
20:35:25.0022 1528	OS Version: 6.1.7601 ServicePack: 1.0
20:35:25.0022 1528	Product type: Workstation
20:35:25.0022 1528	ComputerName: ***-WIN7
20:35:25.0022 1528	UserName: ***
20:35:25.0022 1528	Windows directory: C:\Windows
20:35:25.0022 1528	System windows directory: C:\Windows
20:35:25.0023 1528	Processor architecture: Intel x86
20:35:25.0023 1528	Number of processors: 2
20:35:25.0023 1528	Page size: 0x1000
20:35:25.0023 1528	Boot type: Normal boot
20:35:25.0023 1528	============================================================
20:35:25.0695 1528	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:35:25.0716 1528	Drive \Device\Harddisk0\DR0 - Size: 0xE8E1300000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:35:25.0906 1528	Initialize success
20:35:54.0370 5348	============================================================
20:35:54.0370 5348	Scan started
20:35:54.0370 5348	Mode: Manual; SigCheck; TDLFS; 
20:35:54.0370 5348	============================================================
20:35:58.0925 5348	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:35:58.0941 5348	BrUsbSer - ok
20:35:58.0957 5348	BT - ok
20:35:58.0957 5348	BTCOM - ok
20:35:59.0003 5348	BTCOMBUS - ok
20:35:59.0019 5348	Btcsrusb - ok
20:35:59.0050 5348	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
20:35:59.0081 5348	BthEnum - ok
20:35:59.0113 5348	BtHidBus        (da9e15e55c33392d7dfd7f21116214be) C:\Windows\system32\Drivers\BtHidBus.sys
20:35:59.0128 5348	BtHidBus - ok
20:35:59.0144 5348	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:35:59.0159 5348	BTHMODEM - ok
20:35:59.0206 5348	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
20:35:59.0222 5348	BthPan - ok
20:35:59.0300 5348	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
20:35:59.0331 5348	BTHPORT - ok
20:35:59.0362 5348	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
20:35:59.0378 5348	BTHUSB - ok
20:35:59.0409 5348	btnetBUs        (7bb8ac22bc9e6a1e7707daecada95cd9) C:\Windows\system32\Drivers\btnetBus.sys
20:35:59.0409 5348	btnetBUs - ok
20:35:59.0440 5348	Cap7146_DVB     (cddc46f22fc1d7776b34a241046a8b1a) C:\Windows\system32\Drivers\TTCinCap.sys
20:35:59.0471 5348	Cap7146_DVB ( UnsignedFile.Multi.Generic ) - warning
20:35:59.0471 5348	Cap7146_DVB - detected UnsignedFile.Multi.Generic (1)
20:35:59.0549 5348	catchme - ok
20:35:59.0596 5348	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:35:59.0643 5348	cdfs - ok
20:35:59.0690 5348	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
20:35:59.0721 5348	cdrom - ok
20:35:59.0737 5348	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:35:59.0768 5348	circlass - ok
20:35:59.0846 5348	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:35:59.0861 5348	CLFS - ok
20:35:59.0908 5348	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:35:59.0924 5348	CmBatt - ok
20:35:59.0939 5348	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:35:59.0955 5348	cmdide - ok
20:36:00.0017 5348	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
20:36:00.0033 5348	CNG - ok
20:36:00.0049 5348	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:36:00.0064 5348	Compbatt - ok
20:36:00.0095 5348	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
20:36:00.0127 5348	CompositeBus - ok
20:36:00.0173 5348	connctfy        (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys
20:36:00.0173 5348	connctfy - ok
20:36:00.0205 5348	connctfyMP      (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys
20:36:00.0205 5348	connctfyMP - ok
20:36:00.0236 5348	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:36:00.0251 5348	crcdisk - ok
20:36:00.0345 5348	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
20:36:00.0423 5348	CSC - ok
20:36:00.0470 5348	CtClsFlt        (a029cde0a50aee7eeffd70dd3821953d) C:\Windows\system32\DRIVERS\CtClsFlt.sys
20:36:00.0485 5348	CtClsFlt - ok
20:36:00.0532 5348	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:36:00.0563 5348	DfsC - ok
20:36:00.0595 5348	dgderdrv - ok
20:36:00.0610 5348	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:36:00.0641 5348	discache - ok
20:36:00.0673 5348	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:36:00.0688 5348	Disk - ok
20:36:00.0735 5348	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:36:00.0751 5348	drmkaud - ok
20:36:00.0875 5348	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:36:00.0891 5348	DXGKrnl - ok
20:36:00.0985 5348	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:36:01.0047 5348	ebdrv - ok
20:36:01.0094 5348	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:36:01.0109 5348	elxstor - ok
20:36:01.0125 5348	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:36:01.0156 5348	ErrDev - ok
20:36:01.0172 5348	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:36:01.0203 5348	exfat - ok
20:36:01.0281 5348	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:36:01.0312 5348	fastfat - ok
20:36:01.0328 5348	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:36:01.0343 5348	fdc - ok
20:36:01.0343 5348	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:36:01.0359 5348	FileInfo - ok
20:36:01.0390 5348	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:36:01.0437 5348	Filetrace - ok
20:36:01.0468 5348	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:36:01.0499 5348	flpydisk - ok
20:36:01.0515 5348	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:36:01.0531 5348	FltMgr - ok
20:36:01.0546 5348	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:36:01.0562 5348	FsDepends - ok
20:36:01.0593 5348	FsUsbExDisk     (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
20:36:01.0609 5348	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
20:36:01.0609 5348	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
20:36:01.0655 5348	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:36:01.0655 5348	Fs_Rec - ok
20:36:01.0702 5348	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:36:01.0718 5348	fvevol - ok
20:36:01.0733 5348	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:36:01.0749 5348	gagp30kx - ok
20:36:01.0780 5348	giveio          (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
20:36:01.0780 5348	giveio ( UnsignedFile.Multi.Generic ) - warning
20:36:01.0780 5348	giveio - detected UnsignedFile.Multi.Generic (1)
20:36:01.0796 5348	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:36:01.0827 5348	hcw85cir - ok
20:36:01.0889 5348	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
20:36:01.0921 5348	HdAudAddService - ok
20:36:01.0936 5348	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
20:36:01.0952 5348	HDAudBus - ok
20:36:01.0967 5348	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:36:01.0999 5348	HidBatt - ok
20:36:02.0014 5348	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:36:02.0045 5348	HidBth - ok
20:36:02.0045 5348	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:36:02.0077 5348	HidIr - ok
20:36:02.0139 5348	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
20:36:02.0139 5348	HidUsb - ok
20:36:02.0186 5348	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:36:02.0201 5348	HpSAMD - ok
20:36:02.0248 5348	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:36:02.0279 5348	HTTP - ok
20:36:02.0295 5348	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:36:02.0311 5348	hwpolicy - ok
20:36:02.0357 5348	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
20:36:02.0373 5348	i8042prt - ok
20:36:02.0420 5348	iaStor          (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
20:36:02.0435 5348	iaStor - ok
20:36:02.0498 5348	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:36:02.0513 5348	iaStorV - ok
20:36:02.0545 5348	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:36:02.0560 5348	iirsp - ok
20:36:02.0669 5348	IntcAzAudAddService (202350c0055a39cfca30b2942f7b10d2) C:\Windows\system32\drivers\RTKVHDA.sys
20:36:02.0716 5348	IntcAzAudAddService - ok
20:36:02.0732 5348	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:36:02.0747 5348	intelide - ok
20:36:02.0779 5348	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:36:02.0794 5348	intelppm - ok
20:36:02.0810 5348	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:36:02.0841 5348	IpFilterDriver - ok
20:36:02.0857 5348	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:36:02.0872 5348	IPMIDRV - ok
20:36:02.0888 5348	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:36:02.0919 5348	IPNAT - ok
20:36:02.0935 5348	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:36:02.0950 5348	IRENUM - ok
20:36:02.0981 5348	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:36:02.0997 5348	isapnp - ok
20:36:03.0091 5348	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:36:03.0106 5348	iScsiPrt - ok
20:36:03.0137 5348	IvtBtBUs        (132eb047e3f94dc9eab83c74e8c2e85a) C:\Windows\system32\Drivers\IvtBtBus.sys
20:36:03.0153 5348	IvtBtBUs - ok
20:36:03.0184 5348	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:36:03.0184 5348	kbdclass - ok
20:36:03.0231 5348	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
20:36:03.0309 5348	kbdhid - ok
20:36:03.0403 5348	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
20:36:03.0418 5348	KSecDD - ok
20:36:03.0434 5348	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
20:36:03.0449 5348	KSecPkg - ok
20:36:03.0527 5348	LEqdUsb         (ed8f9311cae12c41a58dae2ea6d6c849) C:\Windows\system32\Drivers\LEqdUsb.Sys
20:36:03.0543 5348	LEqdUsb - ok
20:36:03.0574 5348	LHidFilt        (b68309f25c5787385da842eb5b496958) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:36:03.0590 5348	LHidFilt - ok
20:36:03.0605 5348	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:36:03.0637 5348	lltdio - ok
20:36:03.0652 5348	LMouFilt        (63d3b1d3cd267fcc186a0146b80d453b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:36:03.0668 5348	LMouFilt - ok
20:36:03.0683 5348	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:36:03.0699 5348	LSI_FC - ok
20:36:03.0715 5348	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:36:03.0730 5348	LSI_SAS - ok
20:36:03.0746 5348	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:36:03.0761 5348	LSI_SAS2 - ok
20:36:03.0777 5348	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:36:03.0793 5348	LSI_SCSI - ok
20:36:03.0808 5348	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:36:03.0839 5348	luafv - ok
20:36:03.0902 5348	LUsbFilt        (0c62957912d4df1e4ba9795e6be3ed38) C:\Windows\system32\Drivers\LUsbFilt.Sys
20:36:03.0917 5348	LUsbFilt - ok
20:36:04.0011 5348	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:36:04.0027 5348	megasas - ok
20:36:04.0089 5348	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:36:04.0105 5348	MegaSR - ok
20:36:04.0167 5348	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:36:04.0214 5348	Modem - ok
20:36:04.0229 5348	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:36:04.0245 5348	monitor - ok
20:36:04.0292 5348	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:36:04.0292 5348	mouclass - ok
20:36:04.0339 5348	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:36:04.0354 5348	mouhid - ok
20:36:04.0385 5348	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:36:04.0385 5348	mountmgr - ok
20:36:04.0417 5348	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:36:04.0432 5348	mpio - ok
20:36:04.0448 5348	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:36:04.0479 5348	mpsdrv - ok
20:36:04.0526 5348	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:36:04.0573 5348	MRxDAV - ok
20:36:04.0619 5348	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:36:04.0651 5348	mrxsmb - ok
20:36:04.0682 5348	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:36:04.0713 5348	mrxsmb10 - ok
20:36:04.0729 5348	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:36:04.0760 5348	mrxsmb20 - ok
20:36:04.0775 5348	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:36:04.0791 5348	msahci - ok
20:36:04.0807 5348	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:36:04.0822 5348	msdsm - ok
20:36:04.0853 5348	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:36:04.0869 5348	Msfs - ok
20:36:04.0885 5348	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:36:04.0931 5348	mshidkmdf - ok
20:36:04.0963 5348	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:36:04.0963 5348	msisadrv - ok
20:36:05.0009 5348	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:36:05.0041 5348	MSKSSRV - ok
20:36:05.0134 5348	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:36:05.0165 5348	MSPCLOCK - ok
20:36:05.0181 5348	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:36:05.0212 5348	MSPQM - ok
20:36:05.0243 5348	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:36:05.0259 5348	MsRPC - ok
20:36:05.0275 5348	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
20:36:05.0290 5348	mssmbios - ok
20:36:05.0306 5348	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:36:05.0337 5348	MSTEE - ok
20:36:05.0337 5348	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:36:05.0368 5348	MTConfig - ok
20:36:05.0446 5348	MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
20:36:05.0493 5348	MTsensor - ok
20:36:05.0493 5348	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:36:05.0509 5348	Mup - ok
20:36:05.0540 5348	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:36:05.0555 5348	NativeWifiP - ok
20:36:05.0587 5348	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:36:05.0602 5348	NDIS - ok
20:36:05.0618 5348	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:36:05.0649 5348	NdisCap - ok
20:36:05.0680 5348	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:36:05.0711 5348	NdisTapi - ok
20:36:05.0758 5348	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:36:05.0789 5348	Ndisuio - ok
20:36:05.0836 5348	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:36:05.0867 5348	NdisWan - ok
20:36:05.0899 5348	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:36:05.0914 5348	NDProxy - ok
20:36:05.0945 5348	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:36:05.0961 5348	NetBIOS - ok
20:36:06.0039 5348	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\drivers\netbt.sys
20:36:06.0055 5348	NetBT - ok
20:36:06.0117 5348	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:36:06.0133 5348	nfrd960 - ok
20:36:06.0179 5348	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:36:06.0211 5348	Npfs - ok
20:36:06.0226 5348	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:36:06.0257 5348	nsiproxy - ok
20:36:06.0335 5348	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:36:06.0351 5348	Ntfs - ok
20:36:06.0367 5348	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:36:06.0398 5348	Null - ok
20:36:06.0460 5348	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:36:06.0460 5348	nvraid - ok
20:36:06.0523 5348	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:36:06.0538 5348	nvstor - ok
20:36:06.0569 5348	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:36:06.0585 5348	nv_agp - ok
20:36:06.0647 5348	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:36:06.0663 5348	ohci1394 - ok
20:36:06.0710 5348	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:36:06.0725 5348	Parport - ok
20:36:06.0772 5348	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
20:36:06.0772 5348	partmgr - ok
20:36:06.0788 5348	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:36:06.0803 5348	Parvdm - ok
20:36:06.0850 5348	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
20:36:06.0866 5348	pccsmcfd - ok
20:36:06.0913 5348	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:36:06.0913 5348	pci - ok
20:36:06.0944 5348	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:36:06.0959 5348	pciide - ok
20:36:06.0991 5348	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:36:07.0006 5348	pcmcia - ok
20:36:07.0022 5348	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:36:07.0037 5348	pcw - ok
20:36:07.0053 5348	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:36:07.0100 5348	PEAUTH - ok
20:36:07.0178 5348	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:36:07.0209 5348	PptpMiniport - ok
20:36:07.0225 5348	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:36:07.0240 5348	Processor - ok
20:36:07.0303 5348	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:36:07.0334 5348	Psched - ok
20:36:07.0349 5348	PTDVB           (a67e3e4a7b6c854659deaa372f1d3dc0) C:\Windows\system32\Drivers\TTCinTun.sys
20:36:07.0381 5348	PTDVB ( UnsignedFile.Multi.Generic ) - warning
20:36:07.0381 5348	PTDVB - detected UnsignedFile.Multi.Generic (1)
20:36:07.0427 5348	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
20:36:07.0427 5348	PxHelp20 - ok
20:36:07.0474 5348	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:36:07.0505 5348	ql2300 - ok
20:36:07.0537 5348	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:36:07.0552 5348	ql40xx - ok
20:36:07.0552 5348	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:36:07.0568 5348	QWAVEdrv - ok
20:36:07.0568 5348	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:36:07.0599 5348	RasAcd - ok
20:36:07.0646 5348	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:36:07.0661 5348	RasAgileVpn - ok
20:36:07.0739 5348	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:36:07.0771 5348	Rasl2tp - ok
20:36:07.0802 5348	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:36:07.0833 5348	RasPppoe - ok
20:36:07.0849 5348	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:36:07.0880 5348	RasSstp - ok
20:36:07.0911 5348	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:36:07.0942 5348	rdbss - ok
20:36:07.0958 5348	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:36:07.0958 5348	rdpbus - ok
20:36:07.0989 5348	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:36:08.0020 5348	RDPCDD - ok
20:36:08.0051 5348	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
20:36:08.0083 5348	RDPDR - ok
20:36:08.0114 5348	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:36:08.0145 5348	RDPENCDD - ok
20:36:08.0161 5348	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:36:08.0176 5348	RDPREFMP - ok
20:36:08.0207 5348	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
20:36:08.0239 5348	RDPWD - ok
20:36:08.0285 5348	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:36:08.0285 5348	rdyboost - ok
20:36:08.0363 5348	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
20:36:08.0395 5348	RFCOMM - ok
20:36:08.0473 5348	RivaTuner32     (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner\RivaTuner32.sys
20:36:08.0473 5348	RivaTuner32 ( UnsignedFile.Multi.Generic ) - warning
20:36:08.0473 5348	RivaTuner32 - detected UnsignedFile.Multi.Generic (1)
20:36:08.0535 5348	RLDesignVirtualAudioCableWdm (f5cd7457fa2f0d1078992ccb77a546c4) C:\Windows\system32\DRIVERS\livecamv.sys
20:36:08.0551 5348	RLDesignVirtualAudioCableWdm - ok
20:36:08.0566 5348	ROOTMODEM       (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
20:36:08.0597 5348	ROOTMODEM - ok
20:36:08.0644 5348	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:36:08.0691 5348	rspndr - ok
20:36:08.0707 5348	RTL8187         (9a2de9aa2e270c4d73bdcf3a545271a9) C:\Windows\system32\DRIVERS\RTL8187.sys
20:36:08.0753 5348	RTL8187 - ok
20:36:08.0769 5348	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
20:36:08.0800 5348	s3cap - ok
20:36:08.0878 5348	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:36:08.0878 5348	sbp2port - ok
20:36:08.0941 5348	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:36:08.0972 5348	scfilter - ok
20:36:09.0003 5348	SCL01132        (7a0db9bc5b3e9cdf3b53a67ebdd8a5db) C:\Windows\system32\DRIVERS\SCL01132.sys
20:36:09.0019 5348	SCL01132 - ok
20:36:09.0050 5348	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:36:09.0081 5348	secdrv - ok
20:36:09.0081 5348	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:36:09.0097 5348	Serenum - ok
20:36:09.0112 5348	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:36:09.0128 5348	sermouse - ok
20:36:09.0159 5348	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
20:36:09.0190 5348	sffdisk - ok
20:36:09.0206 5348	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:36:09.0237 5348	sffp_mmc - ok
20:36:09.0253 5348	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
20:36:09.0284 5348	sffp_sd - ok
20:36:09.0284 5348	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:36:09.0315 5348	sfloppy - ok
20:36:09.0346 5348	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
20:36:09.0362 5348	sisagp - ok
20:36:09.0377 5348	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:36:09.0377 5348	SiSRaid2 - ok
20:36:09.0393 5348	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:36:09.0409 5348	SiSRaid4 - ok
20:36:09.0424 5348	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:36:09.0440 5348	Smb - ok
20:36:09.0471 5348	speedfan        (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
20:36:09.0502 5348	speedfan ( UnsignedFile.Multi.Generic ) - warning
20:36:09.0502 5348	speedfan - detected UnsignedFile.Multi.Generic (1)
20:36:09.0518 5348	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:36:09.0533 5348	spldr - ok
20:36:09.0565 5348	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:36:09.0596 5348	srv - ok
20:36:09.0643 5348	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:36:09.0674 5348	srv2 - ok
20:36:09.0689 5348	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:36:09.0721 5348	srvnet - ok
20:36:09.0752 5348	sscebus         (b2063ce662af3ab20045121a5b716df6) C:\Windows\system32\DRIVERS\sscebus.sys
20:36:09.0767 5348	sscebus - ok
20:36:09.0799 5348	sscemdfl        (66799dc0afe3dcaf8368cae17394a762) C:\Windows\system32\DRIVERS\sscemdfl.sys
20:36:09.0814 5348	sscemdfl - ok
20:36:09.0845 5348	sscemdm         (cbf03ffc08f8db547bab2f79aa663d16) C:\Windows\system32\DRIVERS\sscemdm.sys
20:36:09.0845 5348	sscemdm - ok
20:36:09.0877 5348	ssceserd        (60cd4ad33aa52e58faac3abad18cf8ef) C:\Windows\system32\DRIVERS\ssceserd.sys
20:36:09.0877 5348	ssceserd - ok
20:36:09.0939 5348	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:36:09.0955 5348	ssmdrv - ok
20:36:10.0017 5348	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:36:10.0033 5348	stexstor - ok
20:36:10.0064 5348	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
20:36:10.0079 5348	storflt - ok
20:36:10.0111 5348	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
20:36:10.0126 5348	storvsc - ok
20:36:10.0142 5348	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
20:36:10.0157 5348	swenum - ok
20:36:10.0235 5348	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
20:36:10.0282 5348	Tcpip - ok
20:36:10.0298 5348	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
20:36:10.0329 5348	TCPIP6 - ok
20:36:10.0360 5348	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:36:10.0391 5348	tcpipreg - ok
20:36:10.0423 5348	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:36:10.0454 5348	TDPIPE - ok
20:36:10.0469 5348	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
20:36:10.0501 5348	TDTCP - ok
20:36:10.0516 5348	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:36:10.0547 5348	tdx - ok
20:36:10.0579 5348	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
20:36:10.0579 5348	TermDD - ok
20:36:10.0657 5348	toshidpt        (85b6ff02491b6db3572b4f93e56cab7c) C:\Windows\system32\drivers\Toshidpt.sys
20:36:10.0657 5348	toshidpt - ok
20:36:10.0688 5348	tosporte        (90afa1a4451bbbee87c9f18a665d8121) C:\Windows\system32\DRIVERS\tosporte.sys
20:36:10.0688 5348	tosporte - ok
20:36:10.0735 5348	tosrfbd         (360f19e411f0b94bdcc59e670c979392) C:\Windows\system32\DRIVERS\tosrfbd.sys
20:36:10.0750 5348	tosrfbd - ok
20:36:10.0781 5348	tosrfbnp        (74392bab3f0d4810da8436ec79d6955d) C:\Windows\system32\Drivers\tosrfbnp.sys
20:36:10.0797 5348	tosrfbnp - ok
20:36:10.0813 5348	Tosrfcom        (1ad9eb1b5abd0aeee4084c8153476f1e) C:\Windows\system32\Drivers\tosrfcom.sys
20:36:10.0828 5348	Tosrfcom - ok
20:36:10.0859 5348	Tosrfhid        (a72a3473180f378cc07d342803ffd580) C:\Windows\system32\DRIVERS\Tosrfhid.sys
20:36:10.0859 5348	Tosrfhid - ok
20:36:10.0891 5348	tosrfnds        (b2a1a6538245fd69578224bbf2fd4677) C:\Windows\system32\DRIVERS\tosrfnds.sys
20:36:10.0906 5348	tosrfnds - ok
20:36:11.0000 5348	TosRfSnd        (3de5cbb4f8eb64563ce08e8ec7458d03) C:\Windows\system32\drivers\tosrfsnd.sys
20:36:11.0015 5348	TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
20:36:11.0015 5348	TosRfSnd - detected UnsignedFile.Multi.Generic (1)
20:36:11.0047 5348	Tosrfusb        (b103dfeff2b88bda9c00ca280ae90b75) C:\Windows\system32\DRIVERS\tosrfusb.sys
20:36:11.0062 5348	Tosrfusb - ok
20:36:11.0093 5348	truecrypt       (be45dad1c73a3216edc8c485916f6594) C:\Windows\system32\drivers\truecrypt.sys
20:36:11.0109 5348	truecrypt - ok
20:36:11.0140 5348	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:36:11.0171 5348	tssecsrv - ok
20:36:11.0218 5348	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:36:11.0234 5348	TsUsbFlt - ok
20:36:11.0265 5348	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:36:11.0296 5348	tunnel - ok
20:36:11.0327 5348	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:36:11.0327 5348	uagp35 - ok
20:36:11.0359 5348	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:36:11.0390 5348	udfs - ok
20:36:11.0437 5348	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:36:11.0437 5348	uliagpkx - ok
20:36:11.0483 5348	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
20:36:11.0515 5348	umbus - ok
20:36:11.0530 5348	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:36:11.0546 5348	UmPass - ok
20:36:11.0577 5348	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
20:36:11.0608 5348	usbaudio - ok
20:36:11.0639 5348	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
20:36:11.0686 5348	usbccgp - ok
20:36:11.0702 5348	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:36:11.0717 5348	usbcir - ok
20:36:11.0749 5348	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
20:36:11.0764 5348	usbehci - ok
20:36:11.0795 5348	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:36:11.0811 5348	usbhub - ok
20:36:11.0827 5348	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
20:36:11.0858 5348	usbohci - ok
20:36:11.0858 5348	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:36:11.0873 5348	usbprint - ok
20:36:11.0889 5348	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
20:36:11.0920 5348	usbscan - ok
20:36:11.0920 5348	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:36:11.0951 5348	USBSTOR - ok
20:36:11.0983 5348	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:36:11.0998 5348	usbuhci - ok
20:36:12.0045 5348	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
20:36:12.0076 5348	usbvideo - ok
20:36:12.0107 5348	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:36:12.0123 5348	vdrvroot - ok
20:36:12.0154 5348	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:36:12.0185 5348	vga - ok
20:36:12.0201 5348	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:36:12.0217 5348	VgaSave - ok
20:36:12.0263 5348	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:36:12.0279 5348	vhdmp - ok
20:36:12.0295 5348	VHidMinidrv - ok
20:36:12.0295 5348	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:36:12.0310 5348	viaagp - ok
20:36:12.0326 5348	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:36:12.0357 5348	ViaC7 - ok
20:36:12.0388 5348	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:36:12.0388 5348	viaide - ok
20:36:12.0404 5348	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
20:36:12.0435 5348	vmbus - ok
20:36:12.0466 5348	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
20:36:12.0497 5348	VMBusHID - ok
20:36:12.0513 5348	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:36:12.0544 5348	volmgr - ok
20:36:12.0575 5348	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:36:12.0591 5348	volmgrx - ok
20:36:12.0622 5348	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:36:12.0638 5348	volsnap - ok
20:36:12.0669 5348	vpnva - ok
20:36:12.0685 5348	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:36:12.0700 5348	vsmraid - ok
20:36:12.0716 5348	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
20:36:12.0747 5348	vwifibus - ok
20:36:12.0778 5348	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:36:12.0794 5348	WacomPen - ok
20:36:12.0809 5348	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:36:12.0841 5348	WANARP - ok
20:36:12.0841 5348	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:36:12.0856 5348	Wanarpv6 - ok
20:36:12.0872 5348	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:36:12.0887 5348	Wd - ok
20:36:12.0903 5348	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:36:12.0934 5348	Wdf01000 - ok
20:36:12.0965 5348	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:36:12.0997 5348	WfpLwf - ok
20:36:13.0090 5348	wg121           (5680e49814686b56e86f51b3858428fb) C:\Windows\system32\DRIVERS\wg121nd5.sys
20:36:13.0106 5348	wg121 ( UnsignedFile.Multi.Generic ) - warning
20:36:13.0106 5348	wg121 - detected UnsignedFile.Multi.Generic (1)
20:36:13.0121 5348	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:36:13.0137 5348	WIMMount - ok
20:36:13.0199 5348	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
20:36:13.0231 5348	WinUsb - ok
20:36:13.0277 5348	WmBEnum         (84a90f13eebf4380345ef9474d30f10e) C:\Windows\system32\drivers\WmBEnum.sys
20:36:13.0293 5348	WmBEnum - ok
20:36:13.0324 5348	WmFilter        (eb0034ac02a44dc784a3174d2b81e764) C:\Windows\system32\drivers\WmFilter.sys
20:36:13.0340 5348	WmFilter - ok
20:36:13.0371 5348	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:36:13.0387 5348	WmiAcpi - ok
20:36:13.0402 5348	WmVirHid        (72c4f5a748c74d8d4016ccfa7367210f) C:\Windows\system32\drivers\WmVirHid.sys
20:36:13.0418 5348	WmVirHid - ok
20:36:13.0433 5348	WmXlCore        (eacdcced934a185e61ce0684f71c2dec) C:\Windows\system32\drivers\WmXlCore.sys
20:36:13.0449 5348	WmXlCore - ok
20:36:13.0465 5348	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:36:13.0511 5348	ws2ifsl - ok
20:36:13.0558 5348	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:36:13.0605 5348	WudfPf - ok
20:36:13.0652 5348	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:36:13.0667 5348	WUDFRd - ok
20:36:13.0730 5348	yukonw7         (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
20:36:13.0745 5348	yukonw7 - ok
20:36:13.0777 5348	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:36:13.0839 5348	\Device\Harddisk1\DR1 - ok
20:36:13.0855 5348	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:36:13.0948 5348	\Device\Harddisk0\DR0 - ok
20:36:13.0948 5348	Boot (0x1200)   (7568ca946bf94e137e1727d699a88cc2) \Device\Harddisk1\DR1\Partition0
20:36:13.0948 5348	\Device\Harddisk1\DR1\Partition0 - ok
20:36:13.0948 5348	Boot (0x1200)   (75ec512ea43b637d8698677a23a4abc1) \Device\Harddisk0\DR0\Partition0
20:36:13.0948 5348	\Device\Harddisk0\DR0\Partition0 - ok
20:36:13.0979 5348	Boot (0x1200)   (15433ee67145168f407d37384729379e) \Device\Harddisk0\DR0\Partition1
20:36:13.0979 5348	\Device\Harddisk0\DR0\Partition1 - ok
20:36:13.0995 5348	Boot (0x1200)   (d4a91c9a18977eb238762efe0ef1a718) \Device\Harddisk0\DR0\Partition2
20:36:13.0995 5348	\Device\Harddisk0\DR0\Partition2 - ok
20:36:13.0995 5348	Boot (0x1200)   (77997c8daa0ca53dff5ef59bdeaa9c24) \Device\Harddisk0\DR0\Partition3
20:36:13.0995 5348	\Device\Harddisk0\DR0\Partition3 - ok
20:36:13.0995 5348	============================================================
20:36:13.0995 5348	Scan finished
20:36:13.0995 5348	============================================================
20:36:14.0011 1792	Detected object count: 8
20:36:14.0011 1792	Actual detected object count: 8
20:36:32.0871 1792	Cap7146_DVB ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0871 1792	Cap7146_DVB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:36:32.0871 1792	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0871 1792	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:36:32.0871 1792	giveio ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0871 1792	giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:36:32.0871 1792	PTDVB ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0871 1792	PTDVB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:36:32.0871 1792	RivaTuner32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0871 1792	RivaTuner32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:36:32.0871 1792	speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0871 1792	speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:36:32.0871 1792	TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0871 1792	TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:36:32.0871 1792	wg121 ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:32.0871 1792	wg121 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
P.S.: Is there any way to still edit my old post (or have it edited)? I forgot to anonymize the username.

Alt 18.01.2012, 20:52   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to work on the second attempt, just skip it and run only OSAM. Please skip the online check offered by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to your desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

__________________
Please always post log files in CODE tags

Alt 19.01.2012, 08:46   #26
F0ggy
 

Good morning!

gmer.log
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-18 23:16:55
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
Running: gbujjwzs.exe; Driver: C:\Users\***\AppData\Local\Temp\uwriiaow.sys


---- System - GMER 1.0.15 ----

SSDT            93D5057E                                                                                           ZwCreateSymbolicLinkObject
SSDT            93D50583                                                                                           ZwLoadDriver
SSDT            93D50579                                                                                           ZwOpenSection
SSDT            93D50588                                                                                           ZwSetSystemInformation
SSDT            93D50547                                                                                           ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKey + 13CD                                                                      8346E9A9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                             8348E4E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14C7                                                                83495884 4 Bytes  [7E, 05, D5, 93] {JLE 0x7; AAD 0x93}
.text           ntoskrnl.exe!KeRemoveQueueEx + 15DB                                                                83495998 4 Bytes  [83, 05, D5, 93]
.text           ntoskrnl.exe!KeRemoveQueueEx + 1677                                                                83495A34 4 Bytes  [79, 05, D5, 93] {JNS 0x7; AAD 0x93}
.text           ntoskrnl.exe!KeRemoveQueueEx + 18E7                                                                83495CA4 4 Bytes  [88, 05, D5, 93]
.text           ntoskrnl.exe!KeRemoveQueueEx + 1937                                                                83495CF4 4 Bytes  [47, 05, D5, 93]
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                           section is writeable [0x9480C000, 0x388539, 0xE8000020]
.text           C:\Windows\system32\drivers\ACEDRV09.sys                                                           section is writeable [0x924E9000, 0x3326E, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\ACEDRV09.sys                                                           entry point in ".pklstb" section [0x9252E000]
.relo2          C:\Windows\system32\drivers\ACEDRV09.sys                                                           unknown last section [0x9254A000, 0x8E, 0x42000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [74592437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]               [74575600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [745756BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                     [745924B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]           [74588514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]             [74584CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [7458506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]           [74585144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [74586671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [7458826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]       [745887BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]     [7458901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]           [7458E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]               [74584BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000058                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\FileOpenWebPublisherScreenHookDriver \Device\FileOpenWebPublisherScreenHookDriver          fowp32.sys

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd60f1b8                        
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd60f1b8@0019630f0e22           0x33 0x35 0x70 0xF6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd60f1b8@e8e5d6e39666           0xE5 0xB5 0x34 0x05 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd60f1b8 (not active ControlSet)    
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd60f1b8@0019630f0e22               0x33 0x35 0x70 0xF6 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd60f1b8@e8e5d6e39666               0xE5 0xB5 0x34 0x05 ...

---- EOF - GMER 1.0.15 ----
         
osam.log
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:22:47 on 18.01.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV09.sys
"ATI Function Driver for HD Audio Service" (AtiHDAudioService) - "ATI Technologies, Inc." - C:\Windows\System32\drivers\AtihdW73.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"Bluetooth Audio" (TosRfSnd) - "TOSHIBA Corporation" - C:\Windows\System32\drivers\tosrfsnd.sys
"Bluetooth COM Port" (tosporte) - "TOSHIBA Corporation" - C:\Windows\System32\DRIVERS\tosporte.sys
"Bluetooth HID Bus Service" (BtHidBus) - "IVT Corporation." - C:\Windows\System32\Drivers\BtHidBus.sys
"Bluetooth HID Device Service" (VHidMinidrv) - ? - C:\Windows\System32\drivers\VHIDMini.sys  (File not found)
"Bluetooth HID Port" (toshidpt) - "TOSHIBA Corporation." - C:\Windows\System32\drivers\Toshidpt.sys
"Bluetooth PAN Bus Service" (btnetBUs) - ? - C:\Windows\System32\Drivers\btnetBus.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"Bluetooth PAN Network Adapter" (BT) - ? - C:\Windows\System32\DRIVERS\btnetdrv.sys  (File not found)
"Bluetooth Personal Area Network" (tosrfnds) - "TOSHIBA Corporation." - C:\Windows\System32\DRIVERS\tosrfnds.sys
"Bluetooth RFBNEP" (tosrfbnp) - "TOSHIBA Corporation" - C:\Windows\System32\Drivers\tosrfbnp.sys
"Bluetooth RFBUS" (tosrfbd) - "TOSHIBA CORPORATION" - C:\Windows\System32\DRIVERS\tosrfbd.sys
"Bluetooth RFCOMM" (Tosrfcom) - "TOSHIBA Corporation" - C:\Windows\System32\Drivers\tosrfcom.sys
"Bluetooth RFHID" (Tosrfhid) - "TOSHIBA Corporation." - C:\Windows\System32\DRIVERS\Tosrfhid.sys
"Bluetooth Serial Port Bus Service" (BTCOMBUS) - ? - C:\Windows\System32\Drivers\btcombus.sys  (File not found)
"Bluetooth Serial port driver" (BTCOM) - ? - C:\Windows\System32\DRIVERS\btcomport.sys  (File not found)
"Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\Windows\System32\DRIVERS\tosrfusb.sys
"Bluetooth USB For Bluetooth Service" (Btcsrusb) - ? - C:\Windows\System32\Drivers\btcusb.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco AnyConnect VPN Virtual Miniport Adapter for Windows" (vpnva) - ? - C:\Windows\System32\DRIVERS\vpnva.sys  (File not found)
"connctfyMP" (connctfyMP) - "Connectify" - C:\Windows\System32\DRIVERS\connctfy.sys
"Connectify Service" (connctfy) - "Connectify" - C:\Windows\System32\DRIVERS\connctfy.sys
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"IVT Bluetooth Bus Service" (IvtBtBUs) - "IVT Corporation." - C:\Windows\System32\Drivers\IvtBtBus.sys
"Live! Cam Virtual" (RLDesignVirtualAudioCableWdm) - ? - C:\Windows\System32\DRIVERS\livecamv.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"NETGEAR WG121 802.11g Wireless USB2.0 Adapter" (wg121) - "NETGEAR, Inc." - C:\Windows\System32\DRIVERS\wg121nd5.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"RivaTuner32" (RivaTuner32) - ? - C:\Program Files\RivaTuner\RivaTuner32.sys  (File found, but it contains no detailed information)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"uwriiaow" (uwriiaow) - ? - C:\Users\***\AppData\Local\Temp\uwriiaow.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Video\The FilmMachine\Filters\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{E31004D1-A431-41B8-826F-E902F9D95C81} "Windows DreamScene" - "Microsoft Corporation" - C:\Windows\System32\DreamScene.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0904-1983-8D3B-444553540000} "AFS_ShellExt Class" - ? - C:\Program Files\Osborn Software\Advanced File Security\AFS_ShellExt.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{FCF608CF-5716-47C3-A1A8-991D873AF72B} "Delphi Context Menu Shell Extension Example" - ? - C:\PROGRA~1\Exifer\EXIFER~1.DLL  (File found, but it contains no detailed information)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Video\The FilmMachine\Filters\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Program Files\Video\The FilmMachine\Filters\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Program Files\Video\The FilmMachine\Filters\mmfinfo.dll  (File found, but it contains no detailed information)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{3DBEE9A1-C471-4B95-BBCA-F39310064458} "Microsoft Camera Raw Property Store" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - ? - C:\Windows\system32\nvshext.dll  (File not found)
{67C63340-679B-11D2-92EE-000021474C11} "OpenExpert Extensions" - ? - C:\Windows\system32\OpenExpert.dll  (File not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{40D6434C-DE6A-4C61-B016-96DF78B20E7E} "Web Sites" - "Microsoft Corporation" - C:\Program Files\Microsoft Expression\Web 4\fpnse.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{784797A8-342D-4072-9486-03C8D0F2F0A1} "Battlefield Heroes Updater" - "EA Digital Illusions CE AB" - C:\Windows\Downloaded Program Files\BFHUpdater.dll / https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Spamihilator.lnk" - "Michel Krämer" - C:\Program Files\Spamihilator\spamihilator.exe  (Shortcut exists | File exists)
"speedfan.lnk" - "Almico Software (www.almico.com)" - C:\Program Files\System\SpeedFan\speedfan.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Dexpot" - "Dexpot GbR" - C:\Program Files\Dexpot\dexpot.exe
"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"StrokeIt" - ? - C:\Program Files\System\StrokeIt\StrokeIt.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"amd_dc_opt" - "AMD" - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"Power Manager" - "Gembird Europe B.V." - "C:\Program Files\Gembird\Power Manager\pm.exe" -winstartup
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFill Writer Monitor" - "Windows (R) Codename Longhorn DDK provider" - C:\Program Files\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cobian Backup 10" (CobianBackup10) - "Luis Cobian, CobianSoft" - C:\Program Files\Cobian Backup 10\cbService.exe
"Cobian Backup 10 Volume Shadow Copy service" (cbVSCService) - "CobianSoft, Luis Cobian" - C:\Program Files\Cobian Backup 10\cbVSCService.exe
"CVirtA" (nvatabus) - ? - C:\Windows\system32\NEOFLTR_600_13319.dll  (File not found)
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"FileOpenManagerSvc" (FileOpenManagerSvc) - "FileOpen Systems Inc." - C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MemeoBackgroundService" (MemeoBackgroundService) - "Memeo" - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"SAMSUNG AllShare Service" (AllShare) - ? - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe  (File found, but it contains no detailed information)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"SimpleSlideShowServer" (SimpleSlideShowServer) - "Samsung Electronics" - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
"ScCertProp" - ? - wlnotify.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
aswMBR.log
Code:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-18 23:25:03
-----------------------------
23:25:03.110    OS Version: Windows 6.1.7601 Service Pack 1
23:25:03.110    Number of processors: 2 586 0x1706
23:25:03.126    ComputerName: ***-WIN7  UserName: ***
23:25:03.796    Initialize success
23:25:39.361    AVAST engine defs: 12011801
23:26:05.444    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:26:05.444    Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8
23:26:05.444    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-9
23:26:05.444    Disk 1 Vendor: SAMSUNG_HD501LJ CR100-13 Size: 476940MB BusType: 11
23:26:05.537    Disk 0 MBR read successfully
23:26:05.537    Disk 0 MBR scan
23:26:05.553    Disk 0 Windows 7 default MBR code
23:26:05.600    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       102400 MB offset 2048
23:26:05.709    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       425728 MB offset 209717248
23:26:05.756    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       323344 MB offset 1081608192
23:26:05.756    Disk 0 Partition - 00     0F Extended LBA            102400 MB offset 1743818752
23:26:05.896    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       102399 MB offset 1743820800
23:26:05.943    Disk 0 scanning sectors +1953533952
23:26:06.427    Disk 0 scanning C:\Windows\system32\drivers
23:28:13.645    Service scanning
23:28:14.799    Modules scanning
23:30:39.645    Disk 0 trace - called modules:
23:30:39.739    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
23:30:39.739    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88b0c450]
23:30:39.739    3 CLASSPNP.SYS[8d28659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86bcf028]
23:30:40.113    AVAST engine scan C:\Windows
23:31:46.772    AVAST engine scan C:\Windows\system32
23:56:27.995    AVAST engine scan C:\Windows\system32\drivers
23:59:44.306    AVAST engine scan C:\Users\***
03:21:55.277    AVAST engine scan C:\ProgramData
05:50:53.656    Scan finished successfully
08:42:31.967    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
08:42:31.967    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         

Alt 19.01.2012, 10:54   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Getting an additional opinion from the ESET online scanner afterwards doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

Alt 19.01.2012, 20:22   #28
F0ggy
 

Unfortunately not quite after all? See the last two entries:

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.19.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-WIN7 [Administrator]

19.01.2012 12:56:14
mbam-log-2012-01-19 (20-20-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1407851
Laufzeit: 7 Stunde(n), 12 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\Qoobox\Quarantine\C\Users\***\AppData\Local\46f8b494\U\00000001.@.vir (Backdoor.0Access) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Users\***\AppData\Local\46f8b494\U\000000c0.@.vir (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Users\***\AppData\Local\46f8b494\U\000000cb.@.vir (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Users\***\AppData\Local\46f8b494\U\000000cf.@.vir (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Users\***\AppData\Local\46f8b494\U\800000c0.@.vir (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Users\***\AppData\Local\46f8b494\U\800000cb.@.vir (Backdoor.0Access) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Windows\system32\isdrv120.dll.vir (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt.

(Ende)
         
I haven't performed any action yet. Should I click "Remove Selected"?

Alt 19.01.2012, 23:42   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That's OK. In C:\Qoobox and C:\_OTL (the quarantine folders of CF and OTL) the malware is isolated and safely stored.
Do the other scans as well.
__________________
Please always post logfiles in CODE tags

Alt 20.01.2012, 18:42   #30
F0ggy
 

SUPERAntiSpyware log:
Is the last entry critical? Antivir reports this finding as well.
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/20/2012 at 06:23 PM

Application Version : 5.0.1142

Core Rules Database Version : 8149
Trace Rules Database Version: 5961

Scan type       : Complete Scan
Total Scan Time : 08:19:25

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 819
Memory threats detected   : 0
Registry items scanned    : 40726
Registry threats detected : 0
File items scanned        : 1119147
File threats detected     : 404

Adware.Tracking Cookie
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\R0YT9EB1.txt [ /server.lon.liveperson.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NSNW07H4.txt [ /imrworldwide.com ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\A8V0U3IG.txt [ /liveperson.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\ML7XBZNN.txt [ /liveperson.net ]
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\D3SKEA63.txt [ /specificclick.net ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\RNYU27VS.txt [ Cookie:***@sonyeurope.112.2o7.net/ ]
	C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\JT2LJ1UH.txt [ Cookie:***@media6degrees.com/ ]
	C:\USERS\***\Cookies\R0YT9EB1.txt [ Cookie:***@server.lon.liveperson.net/ ]
	C:\USERS\***\Cookies\NSNW07H4.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
	C:\USERS\***\Cookies\A8V0U3IG.txt [ Cookie:***@liveperson.net/hc/85950269 ]
	C:\USERS\***\Cookies\ML7XBZNN.txt [ Cookie:***@liveperson.net/ ]
	C:\USERS\***\Cookies\D3SKEA63.txt [ Cookie:***@specificclick.net/ ]
	ia.media-imdb.com [ D:\USERS\*** ***\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TR5383GN ]
	vhss-d.oddcast.com [ D:\USERS\*** ***\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TR5383GN ]
	www.secmedia.de [ D:\USERS\*** ***\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TR5383GN ]
	www.unitymedia.de [ D:\USERS\*** ***\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TR5383GN ]
	D:\USERS\*** ***\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\***_***@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
	D:\USERS\*** ***\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\***_***@REVSCI[1].TXT [ /REVSCI ]
	.imrworldwide.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.imrworldwide.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.webmasterplan.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.libri.112.2o7.net [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	de.sitestat.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	de.sitestat.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.sonyelectronicssupportus.112.2o7.net [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.sonyeurope.112.2o7.net [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.xiti.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	de.sitestat.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	ad.yieldmanager.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.serving-sys.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.stats4free.de [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.stats4free.de [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	de.sitestat.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	de.sitestat.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	ffindr.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.ffindr.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.ffindr.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.ffindr.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.sirtrack.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.sirtrack.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.sirtrack.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.liveperson.net [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	server.lon.liveperson.net [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.liveperson.net [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.doubleclick.net [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.opodo.122.2o7.net [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.serving-sys.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.unitymedia.de [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	www.unitymedia.de [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.unitymedia.de [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.tradedoubler.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.content.yieldmanager.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.dmtracker.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.legolas-media.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	www.etracker.de [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	www.counter-go.de [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.histats.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.histats.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.team-mediaportal.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.team-mediaportal.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.forum.team-mediaportal.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.forum.team-mediaportal.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.forum.team-mediaportal.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.getclicky.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.static.getclicky.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	in.getclicky.com [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	www.blogcounter.de [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	faostat.fao.org [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	faostat.fao.org [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]
	.faostat.fao.org [ D:\USERS\*** ***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Y9DOHZS.***\COOKIES.SQLITE ]

Trojan.Agent/Gen-Autoit
	D:\PROGRAM FILES\HANDY\SONY ERICSSON\SONY ERICSSON PC SUITE\PC SUITE LOG.EXE

Trojan.Agent/Gen-Malintent
	D:\PROGRAM FILES\WINRAR\DEFAULT.SFX

Trojan.Agent/Gen-Autorun[Swisyn]
	E:\USERS\*** ***\DOCUMENTS\EIGENE DOWNLOADS\GRAFIK\ASCIIART-0.3-BETA\ASCII_ART.EXE
	S:\BACKUP\WICHTIGES\DOCUMENTS 2011-12-24 12;07;17\EIGENE DOWNLOADS\GRAFIK\ASCIIART-0.3-BETA\ASCII_ART.EXE
	S:\BACKUP\WICHTIGES\DOCUMENTS 2012-01-09 20;01;27\EIGENE DOWNLOADS\GRAFIK\ASCIIART-0.3-BETA\ASCII_ART.EXE

Adware.GloboLook
	E:\USERS\*** ***\DOCUMENTS\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\COMPUTERS\RECYCLE BIN\MAR FULL.ICO
	E:\USERS\*** ***\DOCUMENTS\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\TRANSPORTATION\CARS\58 CORVETTE.ICO
	S:\BACKUP\WICHTIGES\DOCUMENTS 2011-12-24 12;07;17\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\COMPUTERS\RECYCLE BIN\MAR FULL.ICO
	S:\BACKUP\WICHTIGES\DOCUMENTS 2011-12-24 12;07;17\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\TRANSPORTATION\CARS\58 CORVETTE.ICO
	S:\BACKUP\WICHTIGES\DOCUMENTS 2012-01-09 20;01;27\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\COMPUTERS\RECYCLE BIN\MAR FULL.ICO
	S:\BACKUP\WICHTIGES\DOCUMENTS 2012-01-09 20;01;27\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\TRANSPORTATION\CARS\58 CORVETTE.ICO

Trojan.Agent/Gen-Gal
	E:\USERS\*** ***\DOCUMENTS\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\FACES\REAL WOMEN - ICON LIBRARY.ICL
	S:\BACKUP\WICHTIGES\DOCUMENTS 2011-12-24 12;07;17\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\FACES\REAL WOMEN - ICON LIBRARY.ICL
	S:\BACKUP\WICHTIGES\DOCUMENTS 2012-01-09 20;01;27\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\FACES\REAL WOMEN - ICON LIBRARY.ICL

Trojan.Agent/Gen-Skelten
	E:\USERS\*** ***\DOCUMENTS\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\HOLIDAY\HOLLOWEEN - ICON LIBRARY.ICL
	S:\BACKUP\WICHTIGES\DOCUMENTS 2011-12-24 12;07;17\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\HOLIDAY\HOLLOWEEN - ICON LIBRARY.ICL
	S:\BACKUP\WICHTIGES\DOCUMENTS 2012-01-09 20;01;27\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\HOLIDAY\HOLLOWEEN - ICON LIBRARY.ICL

Trojan.Agent/Gen-Barton
	E:\USERS\*** ***\DOCUMENTS\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\TOONS\SPRINGFIELD - USA\BART UNABRIDGED - ICON LIBRARY.ICL
	S:\BACKUP\WICHTIGES\DOCUMENTS 2011-12-24 12;07;17\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\TOONS\SPRINGFIELD - USA\BART UNABRIDGED - ICON LIBRARY.ICL
	S:\BACKUP\WICHTIGES\DOCUMENTS 2012-01-09 20;01;27\EIGENE DATENBANKEN\DESKTOPSACHEN\ICONS\TOONS\SPRINGFIELD - USA\BART UNABRIDGED - ICON LIBRARY.ICL

Trojan.IRCBot/Dropper-Gen
	ZIP ARCHIVE( E:\USERS\*** ***\DOWNLOADS\DEXPOT\DEXCUBE_BUILD_R671.ZIP )/DEXCUBE/DEXCUBECONFIG.EXE
	E:\USERS\*** ***\DOWNLOADS\DEXPOT\DEXCUBE_BUILD_R671.ZIP
	ZIP ARCHIVE( E:\USERS\*** ***\DOWNLOADS\DEXPOT\DEXCUBE_BUILD_R698.ZIP )/PLUGINS/DEXCUBE/DEXCUBECONFIG.EXE
	E:\USERS\*** ***\DOWNLOADS\DEXPOT\DEXCUBE_BUILD_R698.ZIP
	ZIP ARCHIVE( S:\BACKUP\DOWNLOADS\DOWNLOADS 2011-06-12 22;37;27\DEXPOT\DEXCUBE_BUILD_R671.ZIP )/DEXCUBE/DEXCUBECONFIG.EXE
	S:\BACKUP\DOWNLOADS\DOWNLOADS 2011-06-12 22;37;27\DEXPOT\DEXCUBE_BUILD_R671.ZIP
	ZIP ARCHIVE( S:\BACKUP\DOWNLOADS\DOWNLOADS 2011-06-12 22;37;27\DEXPOT\DEXCUBE_BUILD_R698.ZIP )/PLUGINS/DEXCUBE/DEXCUBECONFIG.EXE
	S:\BACKUP\DOWNLOADS\DOWNLOADS 2011-06-12 22;37;27\DEXPOT\DEXCUBE_BUILD_R698.ZIP
	ZIP ARCHIVE( S:\BACKUP\DOWNLOADS\DOWNLOADS 2011-12-23 20;01;00\DEXPOT\DEXCUBE_BUILD_R671.ZIP )/DEXCUBE/DEXCUBECONFIG.EXE
	S:\BACKUP\DOWNLOADS\DOWNLOADS 2011-12-23 20;01;00\DEXPOT\DEXCUBE_BUILD_R671.ZIP
	ZIP ARCHIVE( S:\BACKUP\DOWNLOADS\DOWNLOADS 2011-12-23 20;01;00\DEXPOT\DEXCUBE_BUILD_R698.ZIP )/PLUGINS/DEXCUBE/DEXCUBECONFIG.EXE
	S:\BACKUP\DOWNLOADS\DOWNLOADS 2011-12-23 20;01;00\DEXPOT\DEXCUBE_BUILD_R698.ZIP

Trojan.Agent/Gen-Sirefef
	C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-NETBT_31BF3856AD364E35_6.1.7601.17514_NONE_626C324D55864070\NETBT.SYS
         





