Entfernung Searchcore Toolbar

HeinBlöd666 · 19.03.2012, 15:34

Hallo,

habe seit heute ein Problem mit der searchcore toolbar.

Firefox öffnet sich nur noch mit folgender Startseite: hxxp://www.searchcore.net/426

Löschen des entsprechende AddOns im Firefox, sowie der Anwedung aus der Systemsteuerung brachte erwartungsgemäß keine Verbeserung.

Defogger und dds habe ich ausgeführt. Die Logs hängen an.

Vielen schonmal im Voraus

Grüße,

Heinblöd666

cosinus · 20.03.2012, 17:03

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

HeinBlöd666 · 21.03.2012, 19:21

Hi,

Hier die Logs:

Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PC :: PC-PC [Administrator]

Schutz: Aktiviert

21.03.2012 16:33:36
mbam-log-2012-03-21 (16-33-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335073
Laufzeit: 43 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1756 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Löschen bei Neustart.
C:\Users\PC\AudioPerformerSetup.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\AppData\Local\Temp\Audio Performer53412.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Desktop\SoftonicDownloader_fuer_audio-converter.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET

Code:

ATTFilter

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a9d117a6e78dea4192d78af38f870bc2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-21 06:14:48
# local_time=2012-03-21 07:14:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 13420453 13420453 0 0
# compatibility_mode=5893 16776574 100 94 25605830 83980399 0 0
# compatibility_mode=8192 67108863 100 0 7104 7104 0 0
# scanned=141586
# found=2
# cleaned=0
# scan_time=3139
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1LFZ1VD\SetupDataMngr_Searchcore[1].exe	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Users\PC\AppData\Local\Temp\nsy5A33.tmp	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I

cosinus · 22.03.2012, 11:30

Zitat:

C:\Users\PC\Desktop\SoftonicDownloader_fuer_audio-converter.exe

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

HeinBlöd666 · 22.03.2012, 15:40

Hi,

@ Softonic: Achte da sonst auch drauf, werde es nochmal an den Verursacher weitergeben

btw.: Helfen gegen gegen solche Infektionen eigentlich die Kostenpflichtigen Antiviren-Suiten?

Hier der OTL Log:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.03.2012 15:06:01 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\PC\Desktop\TrojanerSuche
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 66,84% Memory free
7,49 Gb Paging File | 5,95 Gb Available in Paging File | 79,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,35 Gb Total Space | 188,89 Gb Free Space | 76,37% Space Free | Partition Type: NTFS
Drive D: | 218,31 Gb Total Space | 218,20 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
 
Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.22 15:04:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\TrojanerSuche\OTL.exe
PRC - [2012.02.23 11:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.23 11:40:40 | 007,983,488 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.02.23 11:24:59 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012.02.15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.16 12:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008.08.02 08:57:14 | 001,757,184 | ---- | M] () -- C:\PROGRA~2\ESRI\License\arcgis9x\ARCGIS.exe
PRC - [2008.08.02 08:57:14 | 001,431,440 | ---- | M] (Acresso Software Inc.) -- C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.31 14:40:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.23 11:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.02 08:57:14 | 001,431,440 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.15 10:05:19 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.11 11:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.09.04 06:39:10 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.31 22:24:40 | 006,103,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.17 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.07 21:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2006.04.20 06:22:00 | 000,141,888 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\Sentinel64.sys -- (Sentinel)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchcore.net/426
IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchcore.net/426"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=161111&systemid=426&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 16:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.23 10:03:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.18 12:12:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles/3mbxs9if.default\extensions\specialsavings@superfish.com
 
[2012.03.19 13:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions
[2011.01.18 16:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.19 13:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\3mbxs9if.default\extensions
[2012.03.19 12:21:12 | 000,002,525 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\3mbxs9if.default\searchplugins\Search_Results.xml
[2012.03.19 13:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.19 16:01:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.07 11:30:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.07 11:30:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.07 11:30:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.07 11:30:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 12:21:12 | 000,002,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.02.07 11:30:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.07 11:30:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4929D4E3-3D7E-4728-840F-EECD46614B6F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1DCC2D7E-887E-4842-C339-9B31005CC925} - Microsoft Windows Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.21 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.03.21 17:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.19 13:37:37 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\TrojanerSuche
[2012.03.19 13:19:38 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Malwarebytes
[2012.03.19 13:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 13:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.19 13:19:31 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.19 13:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.19 13:18:01 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\PC\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.19 12:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.03.19 12:18:48 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings
[2012.03.19 12:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpecialSavings
[2012.03.19 12:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012.03.09 14:45:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.03.09 14:45:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.22 15:09:08 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.22 11:09:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.22 10:09:56 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.22 10:09:56 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.22 10:06:53 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.22 10:06:53 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.22 10:06:53 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.22 10:06:53 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.22 10:06:53 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.22 10:02:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.22 10:02:23 | 3018,461,184 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.21 18:29:22 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.03.19 14:19:13 | 000,000,000 | ---- | M] () -- C:\Users\PC\defogger_reenable
[2012.03.19 13:19:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.19 13:18:16 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\PC\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.15 10:33:12 | 000,477,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.13 10:09:45 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.02.27 10:08:40 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.27 10:08:39 | 000,000,970 | ---- | M] () -- C:\Users\PC\Desktop\Dropbox.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.21 18:29:22 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.03.21 18:29:22 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.03.19 14:19:13 | 000,000,000 | ---- | C] () -- C:\Users\PC\defogger_reenable
[2012.03.19 13:19:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.04 11:44:44 | 000,000,200 | ---- | C] () -- C:\Windows\AUDC80UI.dat
[2011.01.19 16:34:12 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.07 17:40:19 | 000,037,758 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.01.07 17:39:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.01.07 17:39:49 | 000,029,903 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.01.07 16:48:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.01.04 13:53:23 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Audacity
[2012.03.22 10:03:11 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Dropbox
[2011.10.06 12:04:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\elsterformular
[2011.10.27 11:46:39 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ESRI
[2011.08.09 09:08:44 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\GHISLER
[2011.01.27 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Leadertech
[2011.01.18 16:58:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Thunderbird
[2012.01.03 11:12:00 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.22 14:18:51 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Adobe
[2011.01.07 17:44:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ATI
[2012.01.04 13:53:23 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Audacity
[2011.10.18 10:28:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Avira
[2012.03.22 10:03:11 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Dropbox
[2011.10.06 12:04:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\elsterformular
[2011.10.27 11:46:39 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ESRI
[2011.08.09 09:08:44 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\GHISLER
[2011.01.07 17:33:50 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Identities
[2011.01.27 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Leadertech
[2011.01.27 13:07:06 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Logitech
[2011.01.20 11:00:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Macromedia
[2012.03.19 13:19:38 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Media Center Programs
[2011.08.01 12:03:22 | 000,000,000 | --SD | M] -- C:\Users\PC\AppData\Roaming\Microsoft
[2011.01.18 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Mozilla
[2011.01.18 16:58:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Thunderbird
[2011.01.21 18:00:17 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 00:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\PC\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.09 11:42:56 | 004,639,264 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_8086_8479.exe
[2012.03.09 11:43:14 | 004,640,224 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_8086_8479.exe
[2012.03.09 11:43:31 | 004,669,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_12_8086_8479.exe
[2012.03.09 11:43:48 | 004,683,496 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_8086_8479.exe
[2012.03.09 11:44:06 | 004,697,056 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8086_8479.exe
[2012.03.09 11:44:55 | 004,628,120 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_8086_8479.exe
[2012.03.09 11:45:11 | 004,634,680 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_8086_8479.exe
[2012.03.09 11:44:23 | 004,630,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_8086_8479.exe
[2012.03.09 11:44:39 | 004,631,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8086_8479.exe
[2012.03.09 11:45:27 | 004,642,400 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_8086_8479.exe
[2012.03.09 11:45:44 | 004,642,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_8086_8479.exe
[2012.03.09 11:46:00 | 004,694,488 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_12_8086_8479.exe
[2012.03.09 11:46:17 | 004,707,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_8086_8479.exe
[2012.03.09 11:46:34 | 004,698,048 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_8086_8479.exe
[2012.03.09 11:46:50 | 004,711,248 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_12_8086_8479.exe
[2012.03.09 11:47:08 | 004,761,304 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_8086_8479.exe
[2012.03.09 11:47:25 | 004,764,968 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_8086_8479.exe
[2012.03.09 11:47:42 | 004,804,976 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_11_8086_8479.exe
[2012.03.09 11:42:28 | 007,446,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8086_8479.exe
[2012.03.09 11:48:48 | 004,668,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_8086_8479.exe
[2012.03.09 11:49:04 | 004,653,424 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8086_8479.exe
[2012.03.09 11:49:21 | 004,713,240 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8086_8479.exe
[2012.03.09 11:47:58 | 004,641,784 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_8086_8479.exe
[2012.03.09 11:48:15 | 004,645,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_8086_8479.exe
[2012.03.09 11:48:31 | 004,725,792 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8086_8479.exe
[2011.10.06 11:59:06 | 011,250,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\update\ElsterFormular_update-12_3_2_6814u.exe
[2011.01.07 17:44:34 | 000,010,134 | R--- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Installer\{704A7732-89FB-7002-1BAE-30A03261DA71}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >

--- --- ---

[/code]

cosinus · 22.03.2012, 16:00

Zitat:

btw.: Helfen gegen gegen solche Infektionen eigentlich die Kostenpflichtigen Antiviren-Suiten?

Nein! Man muss schonmal im Gripskasten kramen und auch mal seine Augen aufhalten und nachdenken/gut aufpassen bei Setup, was sich da noch alles mitinstallieren will! Gerade Toolbars und v.a. Setups von Softonic installieren sehr viel Schrott in Forum von Toolbars und Searchqu/Serachcore

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcore.net/426
IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.searchcore.net/426"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=161111&systemid=426&sr=0&q="
O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

HeinBlöd666 · 22.03.2012, 16:50

Hi,

scheint erfolgreich gewesen zu sein. Die Startseite ist zumindest wieder die alte.

Vielen Dank für die kompetente Hilfe!

Grüße

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.
HKU\S-1-5-21-3966412049-302657136-1133191827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.
HKU\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.searchcore.net/426" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=161111&systemid=426&sr=0&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af6ac4f2-9825-4fb6-a600-92bc5361f209}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af6ac4f2-9825-4fb6-a600-92bc5361f209}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{af6ac4f2-9825-4fb6-a600-92bc5361f209} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af6ac4f2-9825-4fb6-a600-92bc5361f209}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ******
 
User: PC
->Temp folder emptied: 569399954 bytes
->Temporary Internet Files folder emptied: 75054398 bytes
->Java cache emptied: 28619118 bytes
->FireFox cache emptied: 71846340 bytes
->Google Chrome cache emptied: 9706178 bytes
->Flash cache emptied: 21807 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2035712 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255330645 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 965,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03222012_163149

Files\Folders moved on Reboot...
C:\Users\PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 23.03.2012, 20:38

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

HeinBlöd666 · 27.03.2012, 07:46

Hi,

sorry, das ich jetzt erst antworte.

Hier das Log com TDSS - Killer:

Code:

ATTFilter

08:41:18.0494 3164	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
08:41:18.0759 3164	============================================================
08:41:18.0759 3164	Current date / time: 2012/03/27 08:41:18.0759
08:41:18.0759 3164	SystemInfo:
08:41:18.0759 3164	
08:41:18.0759 3164	OS Version: 6.1.7601 ServicePack: 1.0
08:41:18.0759 3164	Product type: Workstation
08:41:18.0759 3164	ComputerName: PC-PC
08:41:18.0759 3164	UserName: PC
08:41:18.0759 3164	Windows directory: C:\Windows
08:41:18.0759 3164	System windows directory: C:\Windows
08:41:18.0759 3164	Running under WOW64
08:41:18.0759 3164	Processor architecture: Intel x64
08:41:18.0759 3164	Number of processors: 4
08:41:18.0759 3164	Page size: 0x1000
08:41:18.0759 3164	Boot type: Normal boot
08:41:18.0759 3164	============================================================
08:41:20.0740 3164	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:41:20.0740 3164	\Device\Harddisk0\DR0:
08:41:20.0740 3164	MBR used
08:41:20.0740 3164	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:41:20.0740 3164	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1EEB3000
08:41:20.0740 3164	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1EEE5800, BlocksNum 0x1B49F800
08:41:20.0818 3164	Initialize success
08:41:20.0818 3164	============================================================
08:41:50.0068 2216	============================================================
08:41:50.0068 2216	Scan started
08:41:50.0068 2216	Mode: Manual; 
08:41:50.0068 2216	============================================================
08:41:50.0973 2216	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:41:50.0973 2216	1394ohci - ok
08:41:51.0035 2216	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:41:51.0035 2216	ACPI - ok
08:41:51.0066 2216	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:41:51.0082 2216	AcpiPmi - ok
08:41:51.0160 2216	Adobe LM Service (f84c9dee4698df3c1d76801b7b1b55d7) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
08:41:51.0160 2216	Adobe LM Service - ok
08:41:51.0269 2216	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:41:51.0285 2216	AdobeARMservice - ok
08:41:51.0316 2216	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:41:51.0332 2216	adp94xx - ok
08:41:51.0363 2216	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:41:51.0363 2216	adpahci - ok
08:41:51.0410 2216	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:41:51.0410 2216	adpu320 - ok
08:41:51.0441 2216	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:41:51.0441 2216	AeLookupSvc - ok
08:41:51.0503 2216	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:41:51.0503 2216	AFD - ok
08:41:51.0550 2216	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:41:51.0566 2216	agp440 - ok
08:41:51.0597 2216	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:41:51.0597 2216	ALG - ok
08:41:51.0675 2216	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:41:51.0690 2216	aliide - ok
08:41:51.0831 2216	AMD External Events Utility (770e25a0df8785b8e3dcf3e6a7982973) C:\Windows\system32\atiesrxx.exe
08:41:51.0831 2216	AMD External Events Utility - ok
08:41:51.0846 2216	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:41:51.0846 2216	amdide - ok
08:41:51.0909 2216	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:41:51.0909 2216	AmdK8 - ok
08:41:51.0924 2216	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:41:51.0924 2216	AmdPPM - ok
08:41:51.0971 2216	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:41:51.0971 2216	amdsata - ok
08:41:52.0002 2216	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:41:52.0002 2216	amdsbs - ok
08:41:52.0034 2216	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:41:52.0034 2216	amdxata - ok
08:41:52.0127 2216	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:41:52.0127 2216	AntiVirSchedulerService - ok
08:41:52.0174 2216	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:41:52.0174 2216	AntiVirService - ok
08:41:52.0236 2216	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:41:52.0236 2216	AppID - ok
08:41:52.0283 2216	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:41:52.0283 2216	AppIDSvc - ok
08:41:52.0314 2216	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:41:52.0314 2216	Appinfo - ok
08:41:52.0377 2216	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
08:41:52.0377 2216	AppMgmt - ok
08:41:52.0408 2216	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:41:52.0408 2216	arc - ok
08:41:52.0517 2216	ArcGIS License Manager (338deabd788009f2d043d3080e29930d) C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe
08:41:52.0533 2216	ArcGIS License Manager - ok
08:41:52.0548 2216	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:41:52.0548 2216	arcsas - ok
08:41:52.0580 2216	ASPI - ok
08:41:52.0611 2216	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:41:52.0611 2216	AsyncMac - ok
08:41:52.0658 2216	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:41:52.0658 2216	atapi - ok
08:41:52.0829 2216	atikmdag        (9ffafa1eeab3509735ed649296bb9224) C:\Windows\system32\DRIVERS\atikmdag.sys
08:41:52.0970 2216	atikmdag - ok
08:41:53.0001 2216	AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
08:41:53.0001 2216	AtiPcie - ok
08:41:53.0048 2216	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:41:53.0048 2216	AudioEndpointBuilder - ok
08:41:53.0063 2216	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:41:53.0063 2216	AudioSrv - ok
08:41:53.0094 2216	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
08:41:53.0094 2216	avgntflt - ok
08:41:53.0126 2216	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
08:41:53.0126 2216	avipbb - ok
08:41:53.0141 2216	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
08:41:53.0141 2216	avkmgr - ok
08:41:53.0172 2216	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:41:53.0172 2216	AxInstSV - ok
08:41:53.0235 2216	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:41:53.0235 2216	b06bdrv - ok
08:41:53.0266 2216	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:41:53.0282 2216	b57nd60a - ok
08:41:53.0297 2216	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:41:53.0297 2216	BDESVC - ok
08:41:53.0328 2216	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:41:53.0328 2216	Beep - ok
08:41:53.0438 2216	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:41:53.0453 2216	BFE - ok
08:41:53.0547 2216	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
08:41:53.0562 2216	BITS - ok
08:41:53.0609 2216	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:41:53.0609 2216	blbdrive - ok
08:41:53.0656 2216	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:41:53.0672 2216	bowser - ok
08:41:53.0687 2216	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:41:53.0687 2216	BrFiltLo - ok
08:41:53.0703 2216	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:41:53.0703 2216	BrFiltUp - ok
08:41:53.0734 2216	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:41:53.0734 2216	Browser - ok
08:41:53.0781 2216	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:41:53.0781 2216	Brserid - ok
08:41:53.0828 2216	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:41:53.0859 2216	BrSerWdm - ok
08:41:53.0968 2216	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:41:53.0984 2216	BrUsbMdm - ok
08:41:54.0062 2216	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:41:54.0062 2216	BrUsbSer - ok
08:41:54.0140 2216	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:41:54.0155 2216	BTHMODEM - ok
08:41:54.0218 2216	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:41:54.0218 2216	bthserv - ok
08:41:54.0264 2216	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:41:54.0280 2216	cdfs - ok
08:41:54.0374 2216	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:41:54.0389 2216	cdrom - ok
08:41:54.0467 2216	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:41:54.0483 2216	CertPropSvc - ok
08:41:54.0514 2216	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:41:54.0514 2216	circlass - ok
08:41:54.0576 2216	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:41:54.0576 2216	CLFS - ok
08:41:54.0779 2216	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:41:54.0810 2216	clr_optimization_v2.0.50727_32 - ok
08:41:54.0935 2216	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:41:54.0982 2216	clr_optimization_v2.0.50727_64 - ok
08:41:55.0076 2216	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:41:55.0169 2216	clr_optimization_v4.0.30319_32 - ok
08:41:55.0200 2216	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:41:55.0216 2216	clr_optimization_v4.0.30319_64 - ok
08:41:55.0310 2216	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:41:55.0325 2216	CmBatt - ok
08:41:55.0372 2216	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:41:55.0372 2216	cmdide - ok
08:41:55.0434 2216	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:41:55.0434 2216	CNG - ok
08:41:55.0481 2216	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:41:55.0497 2216	Compbatt - ok
08:41:55.0590 2216	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:41:55.0606 2216	CompositeBus - ok
08:41:55.0622 2216	COMSysApp - ok
08:41:55.0668 2216	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:41:55.0684 2216	crcdisk - ok
08:41:55.0715 2216	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
08:41:55.0715 2216	CryptSvc - ok
08:41:55.0746 2216	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:41:55.0762 2216	CSC - ok
08:41:55.0778 2216	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
08:41:55.0793 2216	CscService - ok
08:41:55.0840 2216	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:41:55.0840 2216	DcomLaunch - ok
08:41:55.0887 2216	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:41:55.0887 2216	defragsvc - ok
08:41:55.0934 2216	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:41:55.0934 2216	DfsC - ok
08:41:55.0996 2216	dg_ssudbus      (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
08:41:55.0996 2216	dg_ssudbus - ok
08:41:56.0074 2216	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:41:56.0074 2216	Dhcp - ok
08:41:56.0230 2216	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:41:56.0246 2216	discache - ok
08:41:56.0448 2216	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:41:56.0480 2216	Disk - ok
08:41:56.0682 2216	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:41:56.0698 2216	Dnscache - ok
08:41:56.0729 2216	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:41:56.0745 2216	dot3svc - ok
08:41:56.0792 2216	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:41:56.0807 2216	DPS - ok
08:41:56.0870 2216	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:41:56.0870 2216	drmkaud - ok
08:41:56.0948 2216	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:41:56.0963 2216	DXGKrnl - ok
08:41:56.0994 2216	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:41:56.0994 2216	EapHost - ok
08:41:57.0150 2216	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:41:57.0197 2216	ebdrv - ok
08:41:57.0244 2216	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:41:57.0244 2216	EFS - ok
08:41:57.0275 2216	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:41:57.0291 2216	ehRecvr - ok
08:41:57.0322 2216	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:41:57.0338 2216	ehSched - ok
08:41:57.0416 2216	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:41:57.0431 2216	elxstor - ok
08:41:57.0494 2216	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:41:57.0494 2216	ErrDev - ok
08:41:57.0540 2216	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:41:57.0540 2216	EventSystem - ok
08:41:57.0556 2216	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:41:57.0572 2216	exfat - ok
08:41:57.0587 2216	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:41:57.0587 2216	fastfat - ok
08:41:57.0665 2216	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:41:57.0665 2216	Fax - ok
08:41:57.0681 2216	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:41:57.0696 2216	fdc - ok
08:41:57.0712 2216	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:41:57.0712 2216	fdPHost - ok
08:41:57.0728 2216	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:41:57.0728 2216	FDResPub - ok
08:41:57.0743 2216	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:41:57.0759 2216	FileInfo - ok
08:41:57.0837 2216	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:41:57.0837 2216	Filetrace - ok
08:41:57.0852 2216	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:41:57.0884 2216	flpydisk - ok
08:41:58.0024 2216	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:41:58.0024 2216	FltMgr - ok
08:41:58.0118 2216	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:41:58.0133 2216	FontCache - ok
08:41:58.0211 2216	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:41:58.0211 2216	FontCache3.0.0.0 - ok
08:41:58.0258 2216	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:41:58.0258 2216	FsDepends - ok
08:41:58.0274 2216	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:41:58.0274 2216	Fs_Rec - ok
08:41:58.0320 2216	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:41:58.0320 2216	fvevol - ok
08:41:58.0352 2216	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:41:58.0352 2216	gagp30kx - ok
08:41:58.0414 2216	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:41:58.0430 2216	gpsvc - ok
08:41:58.0523 2216	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:41:58.0539 2216	gupdate - ok
08:41:58.0554 2216	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:41:58.0570 2216	gupdatem - ok
08:41:58.0586 2216	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:41:58.0586 2216	hcw85cir - ok
08:41:58.0757 2216	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:41:58.0773 2216	HdAudAddService - ok
08:41:58.0835 2216	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:41:58.0835 2216	HDAudBus - ok
08:41:58.0866 2216	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:41:58.0866 2216	HidBatt - ok
08:41:58.0882 2216	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:41:58.0882 2216	HidBth - ok
08:41:58.0898 2216	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:41:58.0898 2216	HidIr - ok
08:41:58.0929 2216	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
08:41:58.0929 2216	hidserv - ok
08:41:58.0944 2216	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:41:58.0944 2216	HidUsb - ok
08:41:58.0976 2216	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:41:58.0976 2216	hkmsvc - ok
08:41:59.0022 2216	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:41:59.0022 2216	HomeGroupListener - ok
08:41:59.0054 2216	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:41:59.0069 2216	HomeGroupProvider - ok
08:41:59.0100 2216	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:41:59.0100 2216	HpSAMD - ok
08:41:59.0178 2216	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:41:59.0194 2216	HTTP - ok
08:41:59.0241 2216	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:41:59.0241 2216	hwpolicy - ok
08:41:59.0288 2216	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:41:59.0288 2216	i8042prt - ok
08:41:59.0350 2216	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:41:59.0350 2216	iaStorV - ok
08:41:59.0459 2216	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:41:59.0475 2216	idsvc - ok
08:41:59.0537 2216	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:41:59.0537 2216	iirsp - ok
08:41:59.0584 2216	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:41:59.0600 2216	IKEEXT - ok
08:41:59.0615 2216	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:41:59.0615 2216	intelide - ok
08:41:59.0646 2216	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:41:59.0646 2216	intelppm - ok
08:41:59.0678 2216	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:41:59.0693 2216	IPBusEnum - ok
08:41:59.0724 2216	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:41:59.0724 2216	IpFilterDriver - ok
08:41:59.0787 2216	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:41:59.0787 2216	iphlpsvc - ok
08:41:59.0834 2216	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:41:59.0834 2216	IPMIDRV - ok
08:41:59.0865 2216	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:41:59.0880 2216	IPNAT - ok
08:41:59.0927 2216	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:41:59.0927 2216	IRENUM - ok
08:41:59.0958 2216	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:41:59.0958 2216	isapnp - ok
08:42:00.0005 2216	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:42:00.0005 2216	iScsiPrt - ok
08:42:00.0036 2216	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:42:00.0036 2216	kbdclass - ok
08:42:00.0083 2216	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:42:00.0083 2216	kbdhid - ok
08:42:00.0130 2216	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:00.0130 2216	KeyIso - ok
08:42:00.0177 2216	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:42:00.0177 2216	KSecDD - ok
08:42:00.0224 2216	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:42:00.0224 2216	KSecPkg - ok
08:42:00.0255 2216	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:42:00.0255 2216	ksthunk - ok
08:42:00.0364 2216	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:42:00.0380 2216	KtmRm - ok
08:42:00.0536 2216	L1C             (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
08:42:00.0551 2216	L1C - ok
08:42:00.0723 2216	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
08:42:00.0738 2216	LanmanServer - ok
08:42:00.0879 2216	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:42:00.0894 2216	LanmanWorkstation - ok
08:42:01.0175 2216	LBTServ         (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
08:42:01.0206 2216	LBTServ - ok
08:42:01.0846 2216	LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
08:42:01.0846 2216	LHidFilt - ok
08:42:02.0314 2216	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:42:02.0376 2216	lltdio - ok
08:42:02.0642 2216	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:42:02.0657 2216	lltdsvc - ok
08:42:02.0751 2216	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:42:02.0766 2216	lmhosts - ok
08:42:02.0922 2216	LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
08:42:02.0922 2216	LMouFilt - ok
08:42:03.0032 2216	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:42:03.0063 2216	LSI_FC - ok
08:42:03.0156 2216	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:42:03.0172 2216	LSI_SAS - ok
08:42:03.0266 2216	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:42:03.0266 2216	LSI_SAS2 - ok
08:42:03.0390 2216	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:42:03.0390 2216	LSI_SCSI - ok
08:42:03.0484 2216	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:42:03.0500 2216	luafv - ok
08:42:03.0718 2216	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
08:42:03.0718 2216	MBAMProtector - ok
08:42:03.0921 2216	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:42:03.0936 2216	MBAMService - ok
08:42:04.0030 2216	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:42:04.0046 2216	Mcx2Svc - ok
08:42:04.0139 2216	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:42:04.0139 2216	megasas - ok
08:42:04.0202 2216	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:42:04.0217 2216	MegaSR - ok
08:42:04.0404 2216	Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
08:42:04.0420 2216	Microsoft Office Groove Audit Service - ok
08:42:04.0514 2216	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:42:04.0529 2216	MMCSS - ok
08:42:04.0810 2216	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:42:04.0826 2216	Modem - ok
08:42:04.0857 2216	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:42:04.0857 2216	monitor - ok
08:42:04.0919 2216	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
08:42:04.0919 2216	mouclass - ok
08:42:04.0966 2216	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:42:04.0982 2216	mouhid - ok
08:42:05.0028 2216	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:42:05.0028 2216	mountmgr - ok
08:42:05.0075 2216	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:42:05.0075 2216	mpio - ok
08:42:05.0106 2216	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:42:05.0106 2216	mpsdrv - ok
08:42:05.0184 2216	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:42:05.0200 2216	MpsSvc - ok
08:42:05.0325 2216	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:42:05.0340 2216	MRxDAV - ok
08:42:05.0434 2216	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:42:05.0434 2216	mrxsmb - ok
08:42:05.0512 2216	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:42:05.0512 2216	mrxsmb10 - ok
08:42:05.0574 2216	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:42:05.0574 2216	mrxsmb20 - ok
08:42:05.0684 2216	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:42:05.0684 2216	msahci - ok
08:42:05.0730 2216	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:42:05.0746 2216	msdsm - ok
08:42:05.0824 2216	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:42:05.0824 2216	MSDTC - ok
08:42:05.0918 2216	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:42:05.0918 2216	Msfs - ok
08:42:05.0964 2216	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:42:05.0964 2216	mshidkmdf - ok
08:42:05.0996 2216	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:42:05.0996 2216	msisadrv - ok
08:42:06.0074 2216	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:42:06.0074 2216	MSiSCSI - ok
08:42:06.0089 2216	msiserver - ok
08:42:06.0167 2216	Mskidrhcach - ok
08:42:06.0214 2216	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:42:06.0230 2216	MSKSSRV - ok
08:42:06.0245 2216	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:42:06.0245 2216	MSPCLOCK - ok
08:42:06.0276 2216	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:42:06.0292 2216	MSPQM - ok
08:42:06.0370 2216	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:42:06.0370 2216	MsRPC - ok
08:42:06.0401 2216	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:42:06.0401 2216	mssmbios - ok
08:42:06.0448 2216	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:42:06.0464 2216	MSTEE - ok
08:42:06.0495 2216	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:42:06.0510 2216	MTConfig - ok
08:42:06.0588 2216	MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
08:42:06.0588 2216	MTsensor - ok
08:42:06.0635 2216	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:42:06.0635 2216	Mup - ok
08:42:06.0713 2216	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:42:06.0713 2216	napagent - ok
08:42:06.0760 2216	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:42:06.0776 2216	NativeWifiP - ok
08:42:06.0807 2216	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:42:06.0822 2216	NDIS - ok
08:42:06.0838 2216	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:42:06.0838 2216	NdisCap - ok
08:42:06.0869 2216	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:42:06.0869 2216	NdisTapi - ok
08:42:06.0916 2216	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:42:06.0916 2216	Ndisuio - ok
08:42:06.0947 2216	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:42:06.0947 2216	NdisWan - ok
08:42:06.0978 2216	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:42:06.0978 2216	NDProxy - ok
08:42:07.0025 2216	Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
08:42:07.0025 2216	Net Driver HPZ12 - ok
08:42:07.0072 2216	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:42:07.0088 2216	NetBIOS - ok
08:42:07.0197 2216	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:42:07.0197 2216	NetBT - ok
08:42:07.0275 2216	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:07.0275 2216	Netlogon - ok
08:42:07.0368 2216	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:42:07.0368 2216	Netman - ok
08:42:07.0415 2216	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:42:07.0415 2216	netprofm - ok
08:42:07.0493 2216	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:42:07.0493 2216	NetTcpPortSharing - ok
08:42:07.0556 2216	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:42:07.0556 2216	nfrd960 - ok
08:42:07.0649 2216	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:42:07.0665 2216	NlaSvc - ok
08:42:07.0696 2216	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:42:07.0696 2216	Npfs - ok
08:42:07.0727 2216	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:42:07.0727 2216	nsi - ok
08:42:07.0758 2216	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:42:07.0758 2216	nsiproxy - ok
08:42:07.0914 2216	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:42:07.0946 2216	Ntfs - ok
08:42:07.0977 2216	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:42:07.0977 2216	Null - ok
08:42:08.0024 2216	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:42:08.0024 2216	nvraid - ok
08:42:08.0055 2216	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:42:08.0070 2216	nvstor - ok
08:42:08.0133 2216	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:42:08.0133 2216	nv_agp - ok
08:42:08.0242 2216	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:42:08.0242 2216	odserv - ok
08:42:08.0304 2216	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:42:08.0304 2216	ohci1394 - ok
08:42:08.0398 2216	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:42:08.0414 2216	ose - ok
08:42:08.0445 2216	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:42:08.0460 2216	p2pimsvc - ok
08:42:08.0538 2216	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:42:08.0570 2216	p2psvc - ok
08:42:08.0632 2216	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:42:08.0632 2216	Parport - ok
08:42:08.0679 2216	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:42:08.0679 2216	partmgr - ok
08:42:08.0710 2216	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:42:08.0726 2216	PcaSvc - ok
08:42:08.0772 2216	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:42:08.0772 2216	pci - ok
08:42:08.0788 2216	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:42:08.0788 2216	pciide - ok
08:42:08.0819 2216	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:42:08.0835 2216	pcmcia - ok
08:42:08.0850 2216	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:42:08.0850 2216	pcw - ok
08:42:08.0866 2216	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:42:08.0882 2216	PEAUTH - ok
08:42:08.0944 2216	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
08:42:08.0960 2216	PeerDistSvc - ok
08:42:09.0006 2216	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:42:09.0006 2216	PerfHost - ok
08:42:09.0100 2216	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:42:09.0147 2216	pla - ok
08:42:09.0240 2216	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:42:09.0256 2216	PlugPlay - ok
08:42:09.0334 2216	Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
08:42:09.0334 2216	Pml Driver HPZ12 - ok
08:42:09.0459 2216	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:42:09.0474 2216	PNRPAutoReg - ok
08:42:10.0114 2216	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:42:10.0130 2216	PNRPsvc - ok
08:42:10.0223 2216	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:42:10.0254 2216	PolicyAgent - ok
08:42:10.0317 2216	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:42:10.0317 2216	Power - ok
08:42:10.0488 2216	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:42:10.0504 2216	PptpMiniport - ok
08:42:10.0535 2216	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:42:10.0535 2216	Processor - ok
08:42:10.0629 2216	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
08:42:10.0644 2216	ProfSvc - ok
08:42:10.0691 2216	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:10.0691 2216	ProtectedStorage - ok
08:42:10.0785 2216	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:42:10.0785 2216	Psched - ok
08:42:10.0863 2216	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:42:10.0910 2216	ql2300 - ok
08:42:10.0941 2216	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:42:10.0941 2216	ql40xx - ok
08:42:10.0972 2216	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:42:10.0972 2216	QWAVE - ok
08:42:10.0988 2216	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:42:11.0003 2216	QWAVEdrv - ok
08:42:11.0050 2216	RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
08:42:11.0066 2216	RapiMgr - ok
08:42:11.0081 2216	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:42:11.0081 2216	RasAcd - ok
08:42:11.0112 2216	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:42:11.0112 2216	RasAgileVpn - ok
08:42:11.0128 2216	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:42:11.0144 2216	RasAuto - ok
08:42:11.0175 2216	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:42:11.0175 2216	Rasl2tp - ok
08:42:11.0222 2216	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:42:11.0237 2216	RasMan - ok
08:42:11.0253 2216	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:42:11.0253 2216	RasPppoe - ok
08:42:11.0268 2216	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:42:11.0284 2216	RasSstp - ok
08:42:11.0331 2216	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:42:11.0331 2216	rdbss - ok
08:42:11.0362 2216	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:42:11.0362 2216	rdpbus - ok
08:42:11.0393 2216	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:42:11.0409 2216	RDPCDD - ok
08:42:11.0456 2216	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:42:11.0456 2216	RDPDR - ok
08:42:11.0487 2216	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:42:11.0502 2216	RDPENCDD - ok
08:42:11.0534 2216	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:42:11.0534 2216	RDPREFMP - ok
08:42:11.0580 2216	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
08:42:11.0580 2216	RDPWD - ok
08:42:11.0627 2216	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:42:11.0627 2216	rdyboost - ok
08:42:11.0658 2216	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:42:11.0674 2216	RemoteAccess - ok
08:42:11.0690 2216	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:42:11.0705 2216	RemoteRegistry - ok
08:42:11.0736 2216	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:42:11.0736 2216	RpcEptMapper - ok
08:42:11.0752 2216	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:42:11.0768 2216	RpcLocator - ok
08:42:11.0799 2216	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:42:11.0814 2216	RpcSs - ok
08:42:11.0846 2216	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:42:11.0846 2216	rspndr - ok
08:42:11.0877 2216	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:42:11.0877 2216	s3cap - ok
08:42:11.0924 2216	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:11.0924 2216	SamSs - ok
08:42:11.0970 2216	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:42:11.0970 2216	sbp2port - ok
08:42:12.0017 2216	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:42:12.0017 2216	SCardSvr - ok
08:42:12.0064 2216	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:42:12.0064 2216	scfilter - ok
08:42:12.0126 2216	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:42:12.0158 2216	Schedule - ok
08:42:12.0189 2216	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:42:12.0189 2216	SCPolicySvc - ok
08:42:12.0236 2216	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:42:12.0251 2216	SDRSVC - ok
08:42:12.0282 2216	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:42:12.0282 2216	secdrv - ok
08:42:12.0345 2216	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:42:12.0345 2216	seclogon - ok
08:42:12.0423 2216	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:42:12.0423 2216	SENS - ok
08:42:12.0485 2216	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:42:12.0501 2216	SensrSvc - ok
08:42:12.0610 2216	Sentinel        (82215bbed5d37b0c354f0e83fd0c8423) C:\Windows\System32\Drivers\SENTINEL64.SYS
08:42:12.0626 2216	Sentinel - ok
08:42:12.0704 2216	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:42:12.0704 2216	Serenum - ok
08:42:12.0735 2216	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:42:12.0750 2216	Serial - ok
08:42:12.0797 2216	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:42:12.0797 2216	sermouse - ok
08:42:12.0875 2216	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:42:12.0875 2216	SessionEnv - ok
08:42:12.0922 2216	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:42:12.0922 2216	sffdisk - ok
08:42:12.0938 2216	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:42:12.0938 2216	sffp_mmc - ok
08:42:12.0969 2216	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:42:12.0969 2216	sffp_sd - ok
08:42:13.0016 2216	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:42:13.0016 2216	sfloppy - ok
08:42:13.0062 2216	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:42:13.0062 2216	SharedAccess - ok
08:42:13.0109 2216	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:42:13.0125 2216	ShellHWDetection - ok
08:42:13.0156 2216	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:42:13.0156 2216	SiSRaid2 - ok
08:42:13.0172 2216	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:42:13.0187 2216	SiSRaid4 - ok
08:42:13.0203 2216	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:42:13.0203 2216	Smb - ok
08:42:13.0250 2216	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:42:13.0250 2216	SNMPTRAP - ok
08:42:13.0265 2216	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:42:13.0265 2216	spldr - ok
08:42:13.0296 2216	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:42:13.0312 2216	Spooler - ok
08:42:13.0421 2216	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:42:13.0562 2216	sppsvc - ok
08:42:13.0593 2216	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:42:13.0593 2216	sppuinotify - ok
08:42:13.0640 2216	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:42:13.0655 2216	srv - ok
08:42:13.0702 2216	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:42:13.0718 2216	srv2 - ok
08:42:13.0733 2216	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:42:13.0733 2216	srvnet - ok
08:42:13.0780 2216	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:42:13.0780 2216	SSDPSRV - ok
08:42:13.0811 2216	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:42:13.0811 2216	SstpSvc - ok
08:42:13.0858 2216	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:42:13.0858 2216	stexstor - ok
08:42:13.0936 2216	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:42:13.0952 2216	stisvc - ok
08:42:13.0998 2216	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
08:42:13.0998 2216	storflt - ok
08:42:14.0030 2216	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
08:42:14.0045 2216	StorSvc - ok
08:42:14.0061 2216	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:42:14.0061 2216	storvsc - ok
08:42:14.0108 2216	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:42:14.0108 2216	swenum - ok
08:42:14.0123 2216	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:42:14.0139 2216	swprv - ok
08:42:14.0217 2216	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:42:14.0264 2216	SysMain - ok
08:42:14.0295 2216	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:42:14.0310 2216	TabletInputService - ok
08:42:14.0357 2216	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:42:14.0357 2216	TapiSrv - ok
08:42:14.0388 2216	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:42:14.0388 2216	TBS - ok
08:42:14.0482 2216	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:42:14.0529 2216	Tcpip - ok
08:42:14.0576 2216	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:42:14.0591 2216	TCPIP6 - ok
08:42:14.0669 2216	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:42:14.0685 2216	tcpipreg - ok
08:42:14.0794 2216	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:42:14.0794 2216	TDPIPE - ok
08:42:14.0903 2216	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:42:14.0903 2216	TDTCP - ok
08:42:14.0950 2216	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:42:14.0950 2216	tdx - ok
08:42:15.0122 2216	TeamViewer7     (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
08:42:15.0137 2216	TeamViewer7 - ok
08:42:15.0168 2216	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:42:15.0168 2216	TermDD - ok
08:42:15.0200 2216	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:42:15.0215 2216	TermService - ok
08:42:15.0246 2216	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:42:15.0262 2216	Themes - ok
08:42:15.0293 2216	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:42:15.0293 2216	THREADORDER - ok
08:42:15.0324 2216	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:42:15.0324 2216	TrkWks - ok
08:42:15.0387 2216	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:42:15.0387 2216	TrustedInstaller - ok
08:42:15.0434 2216	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:42:15.0434 2216	tssecsrv - ok
08:42:15.0465 2216	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:42:15.0480 2216	TsUsbFlt - ok
08:42:15.0543 2216	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:42:15.0543 2216	tunnel - ok
08:42:15.0574 2216	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:42:15.0574 2216	uagp35 - ok
08:42:15.0621 2216	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:42:15.0621 2216	udfs - ok
08:42:15.0683 2216	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:42:15.0683 2216	UI0Detect - ok
08:42:15.0730 2216	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:42:15.0746 2216	uliagpkx - ok
08:42:15.0824 2216	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:42:15.0824 2216	umbus - ok
08:42:15.0839 2216	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:42:15.0839 2216	UmPass - ok
08:42:15.0886 2216	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
08:42:15.0902 2216	UmRdpService - ok
08:42:15.0933 2216	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:42:15.0948 2216	upnphost - ok
08:42:15.0980 2216	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:42:15.0980 2216	usbccgp - ok
08:42:16.0042 2216	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:42:16.0042 2216	usbcir - ok
08:42:16.0073 2216	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:42:16.0073 2216	usbehci - ok
08:42:16.0104 2216	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:42:16.0120 2216	usbhub - ok
08:42:16.0136 2216	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:42:16.0136 2216	usbohci - ok
08:42:16.0167 2216	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:42:16.0167 2216	usbprint - ok
08:42:16.0182 2216	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:42:16.0182 2216	USBSTOR - ok
08:42:16.0198 2216	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:42:16.0198 2216	usbuhci - ok
08:42:16.0229 2216	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:42:16.0229 2216	UxSms - ok
08:42:16.0276 2216	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:16.0276 2216	VaultSvc - ok
08:42:16.0307 2216	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:42:16.0307 2216	vdrvroot - ok
08:42:16.0354 2216	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:42:16.0370 2216	vds - ok
08:42:16.0385 2216	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:42:16.0385 2216	vga - ok
08:42:16.0416 2216	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:42:16.0416 2216	VgaSave - ok
08:42:16.0463 2216	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:42:16.0479 2216	vhdmp - ok
08:42:16.0541 2216	VIAHdAudAddService (712bfd5dac2668fba4a2435fb06c3d00) C:\Windows\system32\drivers\viahduaa.sys
08:42:16.0572 2216	VIAHdAudAddService - ok
08:42:16.0588 2216	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:42:16.0588 2216	viaide - ok
08:42:16.0619 2216	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:42:16.0619 2216	vmbus - ok
08:42:16.0650 2216	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:42:16.0650 2216	VMBusHID - ok
08:42:16.0682 2216	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:42:16.0682 2216	volmgr - ok
08:42:16.0728 2216	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:42:16.0728 2216	volmgrx - ok
08:42:16.0760 2216	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:42:16.0760 2216	volsnap - ok
08:42:16.0822 2216	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:42:16.0822 2216	vsmraid - ok
08:42:16.0916 2216	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:42:16.0962 2216	VSS - ok
08:42:17.0009 2216	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:42:17.0025 2216	vwifibus - ok
08:42:17.0103 2216	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:42:17.0118 2216	W32Time - ok
08:42:17.0165 2216	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:42:17.0165 2216	WacomPen - ok
08:42:17.0212 2216	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:42:17.0212 2216	WANARP - ok
08:42:17.0228 2216	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:42:17.0228 2216	Wanarpv6 - ok
08:42:17.0306 2216	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:42:17.0352 2216	WatAdminSvc - ok
08:42:17.0415 2216	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:42:17.0446 2216	wbengine - ok
08:42:17.0493 2216	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:42:17.0493 2216	WbioSrvc - ok
08:42:17.0571 2216	WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
08:42:17.0586 2216	WcesComm - ok
08:42:17.0649 2216	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:42:17.0664 2216	wcncsvc - ok
08:42:17.0711 2216	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:42:17.0711 2216	WcsPlugInService - ok
08:42:17.0758 2216	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:42:17.0758 2216	Wd - ok
08:42:17.0805 2216	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:42:17.0820 2216	Wdf01000 - ok
08:42:17.0836 2216	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:42:17.0852 2216	WdiServiceHost - ok
08:42:17.0852 2216	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:42:17.0852 2216	WdiSystemHost - ok
08:42:17.0883 2216	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:42:17.0898 2216	WebClient - ok
08:42:17.0914 2216	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:42:17.0914 2216	Wecsvc - ok
08:42:17.0930 2216	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:42:17.0930 2216	wercplsupport - ok
08:42:17.0961 2216	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:42:17.0961 2216	WerSvc - ok
08:42:17.0992 2216	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:42:17.0992 2216	WfpLwf - ok
08:42:18.0008 2216	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:42:18.0008 2216	WIMMount - ok
08:42:18.0039 2216	WinDefend - ok
08:42:18.0039 2216	WinHttpAutoProxySvc - ok
08:42:18.0101 2216	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:42:18.0101 2216	Winmgmt - ok
08:42:18.0195 2216	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:42:18.0257 2216	WinRM - ok
08:42:18.0320 2216	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:42:18.0320 2216	WinUsb - ok
08:42:18.0366 2216	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:42:18.0382 2216	Wlansvc - ok
08:42:18.0398 2216	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:42:18.0398 2216	WmiAcpi - ok
08:42:18.0429 2216	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:42:18.0429 2216	wmiApSrv - ok
08:42:18.0444 2216	WMPNetworkSvc - ok
08:42:18.0460 2216	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:42:18.0460 2216	WPCSvc - ok
08:42:18.0491 2216	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:42:18.0491 2216	WPDBusEnum - ok
08:42:18.0522 2216	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:42:18.0522 2216	ws2ifsl - ok
08:42:18.0554 2216	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
08:42:18.0554 2216	wscsvc - ok
08:42:18.0554 2216	WSearch - ok
08:42:18.0663 2216	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
08:42:18.0741 2216	wuauserv - ok
08:42:18.0788 2216	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:42:18.0788 2216	WudfPf - ok
08:42:18.0834 2216	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:42:18.0850 2216	WUDFRd - ok
08:42:18.0881 2216	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:42:18.0897 2216	wudfsvc - ok
08:42:18.0912 2216	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:42:18.0928 2216	WwanSvc - ok
08:42:18.0959 2216	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:42:19.0022 2216	\Device\Harddisk0\DR0 - ok
08:42:19.0022 2216	Boot (0x1200)   (8a713ee86a43fb092eb60ce33a4a9ddf) \Device\Harddisk0\DR0\Partition0
08:42:19.0022 2216	\Device\Harddisk0\DR0\Partition0 - ok
08:42:19.0053 2216	Boot (0x1200)   (9a20039cf97ccc181d4a533b86febf2a) \Device\Harddisk0\DR0\Partition1
08:42:19.0053 2216	\Device\Harddisk0\DR0\Partition1 - ok
08:42:19.0068 2216	Boot (0x1200)   (08c8b3930521880ea1a1656cd11b530a) \Device\Harddisk0\DR0\Partition2
08:42:19.0068 2216	\Device\Harddisk0\DR0\Partition2 - ok
08:42:19.0068 2216	============================================================
08:42:19.0068 2216	Scan finished
08:42:19.0068 2216	============================================================
08:42:19.0084 3156	Detected object count: 0
08:42:19.0084 3156	Actual detected object count: 0

Grüße

cosinus · 27.03.2012, 11:46

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

HeinBlöd666 · 27.03.2012, 15:21

Hi,

und hier das log:

[code]

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-03-27.02 - PC 27.03.2012  15:57:37.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3838.2566 [GMT 2:00]
ausgeführt von:: c:\users\PC\Desktop\TrojanerSuche\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\regobj.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-27 14:02 . 2012-03-27 14:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-22 15:31 . 2012-03-22 15:31	--------	d-----w-	C:\_OTL
2012-03-21 17:29 . 2012-03-21 17:29	--------	d-----w-	c:\program files (x86)\TeamViewer
2012-03-21 16:24 . 2012-03-21 16:24	--------	d-----w-	c:\program files (x86)\ESET
2012-03-19 15:01 . 2012-03-19 15:01	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 15:01 . 2012-03-19 15:01	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 12:19 . 2012-03-19 12:19	--------	d-----w-	c:\users\PC\AppData\Roaming\Malwarebytes
2012-03-19 12:19 . 2012-03-19 12:19	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-19 11:21 . 2012-03-19 13:14	--------	d-----w-	c:\programdata\boost_interprocess
2012-03-19 11:18 . 2012-03-21 16:19	--------	d-----w-	c:\programdata\IBUpdaterService
2012-03-19 11:18 . 2012-03-19 11:21	--------	d-----w-	c:\program files (x86)\SpecialSavings
2012-03-15 08:37 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-15 08:37 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 08:37 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-15 08:34 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-15 08:34 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-15 08:34 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-15 08:33 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-15 08:33 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-15 08:33 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-15 08:33 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-15 08:33 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-15 08:33 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-15 08:33 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-09 13:45 . 2012-03-09 13:45	--------	d-----w-	c:\windows\SysWow64\Wat
2012-03-09 13:45 . 2012-03-09 13:45	--------	d-----w-	c:\windows\system32\Wat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 08:55 . 2011-05-19 08:12	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 09:05 . 2011-10-18 09:28	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-04 10:44 . 2012-02-16 09:11	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 09:25 . 2012-01-04 09:25	19277133	----a-w-	c:\users\PC\audacity-win-unicode-1.3.14.exe
2012-01-04 08:58 . 2012-02-16 09:11	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 09:11	515584	----a-w-	c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 09:11	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-12-16 220744]
.
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-17 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-27 1207312]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 136176]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 136176]
R3 Mskidrhcach;Mskidrhcach; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~2\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 13:34]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 13:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = 
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\3mbxs9if.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-BImSchG-Antragstellungsprogramm - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\progra~2\ESRI\License\arcgis9x\ARCGIS.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-27  16:13:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-27 14:13
.
Vor Suchlauf: 15 Verzeichnis(se), 209.670.729.728 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 209.126.182.912 Bytes frei
.
- - End Of File - - 63E8497A9F0630314A2F566D9C81722D

--- --- ---

cosinus · 27.03.2012, 15:40

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

HeinBlöd666 · 28.03.2012, 07:53

und hier das nächste

Code:

ATTFilter


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-28 08:37:39
-----------------------------
08:37:39.560    OS Version: Windows x64 6.1.7601 Service Pack 1
08:37:39.560    Number of processors: 4 586 0x503
08:37:39.560    ComputerName: PC-PC  UserName: PC
08:37:40.245    Initialize success
08:40:09.369    AVAST engine defs: 12032702
08:42:14.249    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
08:42:14.264    Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
08:42:14.280    Disk 0 MBR read successfully
08:42:14.280    Disk 0 MBR scan
08:42:14.295    Disk 0 Windows 7 default MBR code
08:42:14.295    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
08:42:14.311    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       253286 MB offset 206848
08:42:14.327    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       223551 MB offset 518936576
08:42:14.373    Disk 0 scanning C:\Windows\system32\drivers
08:42:24.155    Service scanning
08:42:45.636    Modules scanning
08:42:45.651    Disk 0 trace - called modules:
08:42:45.683    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
08:42:46.197    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046b2060]
08:42:46.197    3 CLASSPNP.SYS[fffff8800197e43f] -> nt!IofCallDriver -> [0xfffffa80045d79b0]
08:42:46.213    5 ACPI.sys[fffff88000fa37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80046aa060]
08:42:47.087    AVAST engine scan C:\Windows
08:42:49.583    AVAST engine scan C:\Windows\system32
08:45:47.407    AVAST engine scan C:\Windows\system32\drivers
08:45:58.873    AVAST engine scan C:\Users\PC
08:46:14.567    File: C:\Users\PC\AppData\Local\Temp\_av4_\data\aswar0.dll  **INFECTED** Win32:Malware-gen
08:46:14.707    File: C:\Users\PC\AppData\Local\Temp\_av4_\data\updldr0.bin  **INFECTED** Win32:Malware-gen
08:47:36.639    AVAST engine scan C:\ProgramData
08:48:13.720    Scan finished successfully
08:51:09.532    Disk 0 MBR has been saved successfully to "C:\Users\PC\Desktop\TrojanerSuche\MBR.dat"
08:51:09.548    The log file has been saved successfully to "C:\Users\PC\Desktop\TrojanerSuche\aswMBR.txt"

cosinus · 28.03.2012, 11:30

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

HeinBlöd666 · 28.03.2012, 17:17

und hier der Rest

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.28.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PC :: PC-PC [Administrator]

Schutz: Deaktiviert

28.03.2012 15:25:34
mbam-log-2012-03-28 (15-25-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339875
Laufzeit: 47 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/28/2012 at 05:52 PM

Application Version : 5.0.1146

Core Rules Database Version : 8389
Trace Rules Database Version: 6201

Scan type       : Complete Scan
Total Scan Time : 01:13:47

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 682
Memory threats detected   : 0
Registry items scanned    : 74455
Registry threats detected : 0
File items scanned        : 139460
File threats detected     : 395

Adware.Tracking Cookie
	C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\pc@adx.chip[1].txt [ /adx.chip ]
	C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\ECL6YIQB.txt [ /smartadserver.com ]
	C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\ACV2W7RI.txt [ /doubleclick.net ]
	C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\3Y0W462X.txt [ /atdmt.com ]
	C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\I58Z8SI4.txt [ /dyntracker.com ]
	C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\8XRLNJ10.txt [ /mediaplex.com ]
	C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\2RH622E3.txt [ /www.zanox-affiliate.de ]
	C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\LNCPMI8B.txt [ /zanox-affiliate.de ]
	C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\HQ6TL7DG.txt [ /ads.creative-serving.com ]
	C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\XDB74HKZ.txt [ /fastclick.net ]
	C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\JY50J8PP.txt [ /apmebf.com ]
	C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\JJ9CAI3T.txt [ Cookie:pc@clkads.com/adServe/banners/ ]
	C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\APKZ2VW3.txt [ Cookie:pc@clkads.com/adServe/banners ]
	C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\1BEQO6K1.txt [ Cookie:pc@doubleclick.net/ ]
	C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\pc@ad.yieldmanager[2].txt [ Cookie:pc@ad.yieldmanager.com/ ]
	C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\PM5001SF.txt [ Cookie:pc@invitemedia.com/ ]
	C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\YIN17CMI.txt [ Cookie:pc@revsci.net/ ]
	C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\pc@fastclick[1].txt [ Cookie:pc@fastclick.net/ ]
	C:\USERS\PC\Cookies\ACV2W7RI.txt [ Cookie:pc@doubleclick.net/ ]
	C:\USERS\PC\Cookies\I58Z8SI4.txt [ Cookie:pc@dyntracker.com/ ]
	C:\USERS\PC\Cookies\8XRLNJ10.txt [ Cookie:pc@mediaplex.com/ ]
	C:\USERS\PC\Cookies\LNCPMI8B.txt [ Cookie:pc@zanox-affiliate.de/ ]
	C:\USERS\PC\Cookies\JJ9CAI3T.txt [ Cookie:pc@clkads.com/adServe/banners/ ]
	C:\USERS\PC\Cookies\APKZ2VW3.txt [ Cookie:pc@clkads.com/adServe/banners ]
	C:\USERS\PC\Cookies\XDB74HKZ.txt [ Cookie:pc@fastclick.net/ ]
	www.mediamarkt.de [ C:\USERS\PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PC@INTERCLICK[1].TXT [ /INTERCLICK ]
	.apmebf.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	zbox.zanox.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tto2.traffictrack.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	adserv.quality-channel.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	adserv.quality-channel.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adserv.quality-channel.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.lucidmedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adserver.gs [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.slidefinder.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.slidefinder.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.slidefinder.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.slidefinder.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.slidefinder.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.secmedia.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.guj.122.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.franklintempleton.122.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.dkvag.112.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wfkioocjckp.stats.esomniture.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wflysic5gkp.stats.esomniture.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.bizrate.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.vodafonegroup.122.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wfk4skazibp.stats.esomniture.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adxpose.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.agrifinder.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.agrifinder.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	adserver.euronics.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	adserver.freelancermap.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tns-counter.ru [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tracking.3gnet.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	tracking.klicktel.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.ww251.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	banner.testberichte.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	studivz.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.ad-emea.doubleclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	tradefx.advertserve.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.openstat.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.spylog.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.pro-market.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.pro-market.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.112.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.adserver01.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.mediamarkt.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.mediacityberlin.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.mediacityberlin.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	edates.traffective-tracking.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	edates.traffective-tracking.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	edates.traffective-tracking.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.at.atwola.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	media.gan-online.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.dyntracker.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.safaribooks.112.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.nikonjp.112.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.stats4free.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.stats4free.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.yieldmanager.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	tracking.klicktel.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	a.visualrevenue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

28.03.2012, 11:30	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Entfernung Searchcore Toolbar Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Entfernung Searchcore Toolbar

Plagegeister aller Art und deren Bekämpfung: Entfernung Searchcore Toolbar