Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungs Trojaner - Rechnung von Pearlfection.de

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.06.2012, 20:58   #1
sportsocke
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Hallo liebe Community,

ich habe ein Notebook von einem Bekannten in die Hand gedrückt bekommen, der von einem netten und für mich neue Art eines Trojaners befallen ist.

Folgende Informationen habe ich von meinem Bekannten bekommen:
Er hat eine E-Mail von Pearlfection.de über einen hohen 4 stelligen Betrag erhalten und hat vor schreck die Anlage geöffnet - das war eine "Rechnung" als zip Format.
Nachdem er diese Rechnung geöffnet hatte wurden sämtliche Word Dateien etc. verschlüsselt und es wurde eine Textdatei erstellt auf dem Desktop mit Folgendem Inhalt:
Zitat:
Sehr geehrte Damen und HErren anscheind wurde das Update Programm vollständig unterbrochen - um den Virus zu entfernen überweisen Sie 200 € UKash Code an die EMail: software-update@inbox.lt (Inhalt etwas gekürzt)
Was habe ich bis Dato gemacht?
Ich habe erstmal alle Systemstarts deaktiviert (msconfig --> Systemstarts), alle Virenscanner deaktiviert und daraufhin einen vollen Scan mit Malwarebytes durchgeführt. (ich habe mich aus Unkenntnis mit dem Programm noch nicht getraut den Butonn "alles Löschen" zu drücken.
Folgende Log habe ich erhalten:
Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.08

Windows 7 Service Pack 1 x64 FAT32
Internet Explorer 8.0.7601.17514
Christian :: CHRISTIAN-PC [Administrator]

Schutz: Aktiviert

14.06.2012 18:52:22
mbam-log-2012-06-14 (19-02-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232433
Laufzeit: 3 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 29
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Keine Aktion durchgeführt.
HKCR\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.CntntDic (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.CntntDisp (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Keine Aktion durchgeführt.
HKCR\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.Stock (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShopperReports.Stock.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.0.517.0 (Adware.HotBar) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790777B076545430AB92 (Malware.Trace) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ClickPotatoLiteSA (Adware.ClickPotato) -> Daten: "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe" -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Daten: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Daten: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 19
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0 (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Keine Aktion durchgeführt.

Infizierte Dateien: 20
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\CntntCntr.dll (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\zodqtnwyxy.pre (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReportsUninstaller.exe (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Keine Aktion durchgeführt.

(Ende)
Neben den ganzen komischen Toolbars, die mein Bekannter installiert hat, ist mir noch folgender Eintrag aufgefallen:
Zitat:
C:\Users\Christian\AppData\Local\Temp\zodqtnwyxy.pre (Trojan.Agent) -> Keine Aktion durchgeführt.

Da durchaus wichtige Daten auf dem PC sind habe ich noch keine weiteren Schritte eingeleitet. Ich bin zwar relativ Firm im Umgang mit PCs (FiSi) allerdings habe ich Angst, dass die Daten unwiederruflich zerstört sind.

Könnt Ihr mich vlt auf meinen Schritten begleiten um meinen Bekannten von dem Befall zu befreien und die Daten zu behalten?

Über jeden Tipp wäre ich Dankbar.

Viele Grüße
Thomas

Hallo,

habe nochmal OTL und fogger durchlaufen lassen.

Fogger hat nichts gefunden.

OTL.txt hat folgenden Inhalt

Code:
ATTFilter
OTL logfile created on: 15.06.2012 14:08:16 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 51,32% Memory free
7,36 Gb Paging File | 5,23 Gb Available in Paging File | 71,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 324,38 Gb Free Space | 71,66% Space Free | Partition Type: NTFS
Drive D: | 3,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,64% Space Free | Partition Type: FAT32
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2012.06.12 18:44:59 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Christian\AppData\Local\MediaGet2\mediaget.exe
PRC - [2012.05.25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.13 20:25:32 | 000,019,768 | ---- | M] (Smartbar) -- C:\Users\Christian\AppData\Local\Smartbar\Application\Linkury.exe
PRC - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 16:15:30 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.03 20:20:08 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe
PRC - [2012.05.03 20:20:08 | 000,932,528 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.04.23 18:00:21 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2012.04.16 01:23:59 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.29 00:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.02.22 10:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.12 18:44:59 | 011,742,440 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtWebKit4.dll
MOD - [2012.06.12 18:44:59 | 008,227,560 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2012.06.12 18:44:59 | 002,554,088 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtXmlPatterns4.dll
MOD - [2012.06.12 18:44:59 | 002,430,184 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtDeclarative4.dll
MOD - [2012.06.12 18:44:59 | 002,297,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2012.06.12 18:44:59 | 002,267,368 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2012.06.12 18:44:59 | 001,298,152 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtScript4.dll
MOD - [2012.06.12 18:44:59 | 000,979,176 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2012.06.12 18:44:59 | 000,343,784 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2012.06.12 18:44:59 | 000,224,488 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2012.06.12 18:44:59 | 000,200,424 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2012.06.12 18:44:59 | 000,195,304 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtSql4.dll
MOD - [2012.06.12 18:44:59 | 000,105,192 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\libvlc.dll
MOD - [2012.06.12 18:44:59 | 000,030,440 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qgif4.dll
MOD - [2012.05.13 20:26:22 | 000,016,184 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2012.05.13 20:26:18 | 000,024,888 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2012.05.13 20:26:16 | 000,019,256 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2012.05.13 20:26:12 | 000,013,112 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2012.05.13 20:26:08 | 000,067,896 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2012.05.13 20:26:06 | 000,331,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.FilesManager.dll
MOD - [2012.05.13 20:26:06 | 000,034,616 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2012.05.13 20:26:02 | 000,015,672 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2012.05.13 20:26:00 | 000,078,648 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2012.05.13 20:25:54 | 000,018,232 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2012.05.13 20:25:52 | 000,054,584 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2012.05.13 20:25:42 | 000,011,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2012.05.13 20:25:40 | 000,028,472 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2012.05.13 20:25:38 | 000,013,112 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2012.05.13 20:25:38 | 000,012,088 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2012.05.13 20:25:34 | 001,218,360 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2012.05.13 20:25:34 | 000,080,696 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2012.05.13 20:25:32 | 000,542,008 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2012.05.13 20:24:30 | 000,046,904 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2012.05.13 20:24:18 | 000,025,400 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\de\Smartbar.GUI.MainClient.resources.dll
MOD - [2012.05.10 08:35:02 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012.05.10 07:41:16 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll
MOD - [2012.05.10 07:38:28 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\59a5af8e3ea07f7980e0476d2da234cd\System.Web.Services.ni.dll
MOD - [2012.05.10 07:38:25 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll
MOD - [2012.05.10 07:38:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 07:38:11 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012.05.10 07:38:10 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012.05.10 07:38:09 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.10 07:37:25 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.10 07:37:12 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.10 07:36:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 07:36:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 07:36:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 07:36:17 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.03 20:20:08 | 020,101,120 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012.05.03 20:20:08 | 000,932,528 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.04.02 15:36:52 | 000,910,648 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2012.04.02 15:36:50 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012.04.02 15:36:49 | 000,145,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2010.11.18 02:28:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010.06.29 00:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2012.02.08 23:10:36 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.12 18:06:48 | 004,700,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.11.17 18:09:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 16:15:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 16:15:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.24 15:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 07:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.28 04:06:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.06.21 11:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2012.04.23 18:01:07 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes,DefaultScope = {2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=eea245cd00000000000018f46a895e52
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=609ABE12-EA01-4ED9-91A6-0419BDB7AA96&apn_sauid=7C96F8C7-9005-489C-ADF8-1D79730BBAEC
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011.03.03 23:00:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions [2011.03.03 23:00:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.22 21:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.22 21:46:40 | 000,000,000 | ---D | M]
 
[2011.02.27 00:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.06.14 18:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions
[2011.09.19 02:42:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com
[2012.06.14 18:43:11 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com
[2012.06.14 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged
[2012.05.09 23:14:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com
[2012.02.01 23:00:50 | 000,002,572 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml
[2012.05.12 00:47:24 | 000,002,468 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml
[2012.06.14 18:43:15 | 000,002,474 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml
[2012.01.13 19:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.13 19:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.01.13 19:30:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.21 07:50:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.19 02:42:28 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.07.21 07:50:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.21 07:50:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.21 07:50:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.07.21 07:50:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! Deutschland (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=827316&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ClickPotatoLiteSA] "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe" File not found
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [AutoStart PC Studio] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NewPCStudio.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Browser Infrastructure Helper] C:\Users\Christian\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Facebook Update] C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [MediaGet2] C:\Users\Christian\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C44FE9DB-6136-40F9-9A08-059A7EF7DD50}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell - "" = AutoRun
O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.15 14:07:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.06.14 18:40:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.14 18:39:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.14 18:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.14 18:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.05.20 11:21:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.18 04:29:48 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.15 14:07:06 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2012.06.15 14:04:45 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.15 14:04:43 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job
[2012.06.15 14:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.15 10:22:16 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job
[2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.06.14 18:43:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 18:43:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 18:39:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.14 18:39:34 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 18:39:34 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 18:39:34 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 18:39:34 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 18:39:34 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 18:39:20 | 000,001,262 | ---- | M] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk
[2012.06.14 18:34:08 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.14 18:33:41 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.12 10:13:19 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.05 11:29:54 | 000,001,407 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml
[2012.06.05 11:29:45 | 000,001,043 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2012.05.18 04:29:49 | 000,001,344 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
 
========== Files Created - No Company Name ==========
 
[2012.06.15 14:07:06 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2012.06.14 18:39:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.14 18:39:20 | 000,001,262 | ---- | C] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk
[2012.06.05 08:35:31 | 000,001,407 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.02.01 23:36:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.07.21 08:09:13 | 000,937,001 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.03.03 23:02:22 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.03.03 23:02:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.27 00:33:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.25 19:58:17 | 001,527,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.30 11:45:41 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.08.30 11:45:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.08.30 11:45:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.08.30 11:45:40 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.08.30 11:45:39 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
 
========== LOP Check ==========
 
[2011.09.19 02:42:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon
[2011.10.09 07:25:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.04.08 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi
[2012.02.13 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreePDF
[2012.01.19 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0
[2011.12.20 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Get LLC
[2012.06.10 22:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nitro PDF
[2012.04.02 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy
[2011.12.25 23:14:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite
[2012.04.02 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge
[2011.07.21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\QuickScan
[2012.04.23 23:49:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung
[2011.03.03 23:00:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ShopperReports3
[2011.07.09 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy
[2012.06.14 14:05:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client
[2012.06.14 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify
[2012.04.24 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Temp
[2011.02.25 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP
[2012.06.15 10:22:16 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job
[2012.06.15 14:04:43 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job
[2012.02.11 00:54:12 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
und die Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 15.06.2012 14:08:16 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 51,32% Memory free
7,36 Gb Paging File | 5,23 Gb Available in Paging File | 71,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 324,38 Gb Free Space | 71,66% Space Free | Partition Type: NTFS
Drive D: | 3,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,64% Space Free | Partition Type: FAT32
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10857FF3-734D-45A3-80FA-F39369D04356}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{161E8734-C1CC-49AD-BD4E-735E71FF030A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{230DC425-49D3-404F-ABE4-307BBEE6004E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3DDAB82D-A683-4241-AAF5-58FB6D7B8BA0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{41A3161B-8C48-4453-AD02-1F96928800BA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{58180E4F-3503-4B2D-BFA2-4A323A700F48}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5FC2DFA1-60E4-436E-A573-3CB62F4E20C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{616173E2-BB5A-40B5-8715-B8E899E8944B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{66C86EE0-2D3A-4440-AACD-5BEB8542024B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B4A0B2A-B75F-40CC-95AD-19F0483392B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6BC72F9F-8EFC-4991-989D-1085EAA06BA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{87FF08D8-1254-462F-8888-DC5D6192DE09}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{99A110CA-C174-4442-B06F-F50E82C12D56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9CFD2095-FE98-44EB-8993-E3764D9D1E53}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AC16C13F-F71C-42BA-AE6A-79E0CCB5E27B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AEA86731-8348-4878-842C-869113AC646C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B8E23DE0-53A5-4835-B2F8-FE7CDEDC8FA2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B9E5EBD9-872F-4C79-852B-620A66E62ADC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C111084D-C3B3-4356-9FCF-F1ABB528A8EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C61E10A9-4960-4589-8FF7-21829547AC68}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CD6BE791-3401-474B-AB7F-FC97D9A13BC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D9357A0B-53FC-4340-B1E8-865320AF9C2D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FA92B3BA-6F55-4025-BE79-B5A7909406EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEFAAC15-9DBF-4FFA-B2AB-FD66B09D1B1D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FF1CA649-B3BD-44A4-84A6-CFC7FC5E9CEA}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090253AD-C4D0-4F79-8BFE-9F150D79839D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0B084B26-9548-471A-9A37-0C6FC1FB475A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{0DDF194E-4DA1-4252-AB3E-345112F8A67A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{153D2E66-CCFB-4867-AF6A-E47BB1024F07}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{1F586E89-AB16-4F7C-B44E-5944766FB512}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2201BD05-0B95-4C03-9CF5-BCFC92E5B055}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2B3DFD1C-48AF-46B8-B34D-175B4D37F2CC}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{2DEB3814-A9A1-432C-A3C3-55F4A53237A4}" = protocol=6 | dir=in | app=d:\alicecd.exe | 
"{2E9D5C3D-8D1A-4C80-AD17-6CAAF26351BB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{30C41EDF-8E61-4A8A-AE9A-9D0278FE3FCB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{366DA055-E4B3-4AFC-BBC9-31BCD9EB0D67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3DA502C7-D292-4187-A459-33F98AC03664}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{4894F62B-2D64-4D39-AFF3-729623A69DF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{48E38844-3920-40B9-A5A9-23E4205D0006}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4CDB7983-D6E1-4779-898D-02FF7A90D2F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F8F5732-361F-450B-AEEA-6B370D7187E5}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{55AF4410-BF1B-4808-88FE-D594A0FF9AF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57704688-837F-40C5-B443-872D98A16714}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5C397009-3C9F-4251-A9C3-A79E9D58DBDF}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
"{692C4C03-65A6-4D72-92FD-9C13F2F4F5C7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6C9ED932-089E-4C5E-917C-263D09B0D181}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{73F8A36B-479B-4F36-A1BC-7F5FEBE31B28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{74EA4FC4-773A-4831-A322-BD6CA06EBC02}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{7909F012-F88B-4D59-8AA5-8E73869C202B}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{800465BA-73D0-446E-93ED-133F331606F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{87207D77-187C-4EE5-8663-B328072A40AA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8806DA4F-A918-4590-8DC7-E97F222B0456}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{89282F1B-BDE9-4D13-A4FD-7CFEC92BDEE7}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{8947E538-D856-4512-B18A-692A75AC0389}" = dir=in | app=c:\users\christian\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{9798C755-AAB4-42A8-878F-36C19447B809}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB03E752-067D-48CF-A59C-4F91299D6475}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
"{AE010753-FBBE-43B1-9179-0603B15797FF}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{B5B506DD-0D67-4843-98C1-4034D3FE1432}" = protocol=6 | dir=out | app=system | 
"{BB324F12-C9EC-42BA-8DD1-77A9931FD381}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C4D526F8-75EE-486D-B942-A11F6F7CD3D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C5BBE7EA-A202-4D5A-A458-F02EA18E1245}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CFD5122F-7121-4863-8905-F423BC8F7F76}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{D0E60950-D502-4CEB-A84E-1563155E4304}" = protocol=17 | dir=in | app=d:\alicecd.exe | 
"{DBD6C013-E052-461F-ACD9-6E7D5C91FD9F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DCD63F58-6E99-4014-BD65-B8F3BFC5FDA6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DF0336BC-1153-408F-B4E6-345442BD020E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E3C23806-6BC8-4BCA-9D15-327C8FA69E1C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E4CF0C95-001C-4EA0-834D-80C11CA996DC}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{E8682BBF-184A-42D8-8573-3FFDC7A4BB63}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E8D1073A-56E5-4F18-A34A-963726A2120D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EA76791D-002D-46E5-9D9F-3850C58FBC4E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{F02FA7F2-4E09-45D6-80F1-54D46C8D96B6}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{F67EFDD9-C325-4067-A362-5B6FCA3F8F7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{234E8396-93FA-4BF1-8B3D-270061E8BDCC}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe | 
"TCP Query User{28E3FF6F-74C9-4839-8AE5-A6E87F819A09}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{4AC42749-0AC4-4DC2-A0A1-B7DE46DCCEF1}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
"TCP Query User{C83B91B6-97AB-46B6-8D6A-93894832314C}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{FB14F227-49F0-45C0-8C10-EC7D3F62614B}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe | 
"UDP Query User{0F366AE5-565D-43FB-B896-D85278CA9BBB}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{1D42D6AC-F9E1-47BF-900A-8DDCCBDA1550}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
"UDP Query User{9B03173A-004B-4685-B427-337D54AD2417}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe | 
"UDP Query User{C119244D-71C4-4C16-A51A-305E4164DF0E}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe | 
"UDP Query User{E8076A75-6353-4A55-ABC5-6073913403AE}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{29D90A83-171E-4A78-B6DC-66B76FE52A2C}_is1" = ixPlayer 2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F1DE10B0-51C2-417F-A3EC-0B443243F1A1}" = Nitro Reader 2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2523DCE9-47C5-14E5-F315-496B75316B45}" = Zoosk Messenger
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{70D3EBFD-C613-49DB-A444-A4BD720DE1E9}" = Linkury Smartbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Canon RAW Codec" = Canon RAW Codec
"ClickPotatoLiteSA" = ClickPotato
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.04" = GPL Ghostscript
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA-Treiber
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Simfy" = simfy
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"MediaGet" = Der Torrent-Client MediaGet
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.05.2012 04:05:13 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168,
 Zeitstempel: 0x4f9b3c24  Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0,
 Zeitstempel: 0x4f740d41  Ausnahmecode: 0x8013150a  Fehleroffset: 0x0013d2a6  ID des fehlerhaften
 Prozesses: 0x1914  Startzeit der fehlerhaften Anwendung: 0x01cd32715e72ee82  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll
Berichtskennung:
 b22cfff5-9e64-11e1-bfcc-1c7508346bc0
 
Error - 15.05.2012 04:42:01 | Computer Name = Christian-PC | Source = .NET Runtime | ID = 1023
Description = 
 
Error - 15.05.2012 04:42:02 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168,
 Zeitstempel: 0x4f9b3c24  Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0,
 Zeitstempel: 0x4f740d41  Ausnahmecode: 0x8013150a  Fehleroffset: 0x0013d2a6  ID des fehlerhaften
 Prozesses: 0x24dc  Startzeit der fehlerhaften Anwendung: 0x01cd327553aa5bdf  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll
Berichtskennung:
 d719a000-9e69-11e1-bfcc-1c7508346bc0
 
Error - 16.05.2012 13:12:04 | Computer Name = Christian-PC | Source = .NET Runtime | ID = 1023
Description = 
 
Error - 16.05.2012 13:12:06 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168,
 Zeitstempel: 0x4f9b3c24  Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0,
 Zeitstempel: 0x4f740d41  Ausnahmecode: 0x8013150a  Fehleroffset: 0x0013d2a6  ID des fehlerhaften
 Prozesses: 0x2624  Startzeit der fehlerhaften Anwendung: 0x01cd333c737b8224  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll
Berichtskennung:
 42a5b1bb-9f7a-11e1-bfcc-1c7508346bc0
 
Error - 17.05.2012 05:25:24 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.05.2012 06:42:14 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.05.2012 06:45:02 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.05.2012 06:09:55 | Computer Name = Christian-PC | Source = Application Hang | ID = 1002
Description = Programm spotify.exe, Version 0.8.3.222 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e58    Startzeit: 
01cd2f3c79abc8fe    Endzeit: 921    Anwendungspfad: C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe
 
Berichts-ID:
 e6111019-a263-11e1-bfcc-1c7508346bc0  
 
Error - 20.05.2012 10:38:14 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.05.2012 10:40:25 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ Media Center Events ]
Error - 11.02.2012 07:00:42 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 12:00:41 - Fehler beim Herstellen der Internetverbindung.  12:00:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 07:00:47 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 12:00:47 - Fehler beim Herstellen der Internetverbindung.  12:00:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.02.2012 16:08:38 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 21:08:38 - Fehler beim Herstellen der Internetverbindung.  21:08:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.02.2012 16:08:48 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 21:08:43 - Fehler beim Herstellen der Internetverbindung.  21:08:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.02.2012 17:25:56 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 22:25:56 - Fehler beim Herstellen der Internetverbindung.  22:25:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.02.2012 17:26:03 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 22:26:01 - Fehler beim Herstellen der Internetverbindung.  22:26:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.02.2012 18:26:11 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:26:11 - Fehler beim Herstellen der Internetverbindung.  23:26:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.02.2012 18:26:18 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:26:16 - Fehler beim Herstellen der Internetverbindung.  23:26:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.03.2012 18:12:02 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:12:02 - Fehler beim Herstellen der Internetverbindung.  23:12:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.03.2012 18:12:08 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:12:07 - Fehler beim Herstellen der Internetverbindung.  23:12:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 11.06.2012 12:42:59 | Computer Name = Christian-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 904.
 
Error - 11.06.2012 17:59:26 | Computer Name = Christian-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 904.
 
Error - 12.06.2012 12:49:33 | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?06.?2012 um 18:47:09 unerwartet heruntergefahren.
 
Error - 12.06.2012 12:50:57 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 SSDP-Suche erreicht.
 
Error - 12.06.2012 12:50:57 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSDP-Suche" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 12.06.2012 12:51:48 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Media Player-Netzwerkfreigabedienst erreicht.
 
Error - 12.06.2012 12:51:48 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 12.06.2012 12:54:19 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 14.06.2012 12:37:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Rapid Storage Technology erreicht.
 
Error - 14.06.2012 12:37:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
Habe dann im Anschluss noch einen kompletten Scan mit Malwarebytes durchgeführt.
Hier das Log:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org
 
Datenbank Version: v2012.06.15.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Christian :: CHRISTIAN-PC [Administrator]
 
Schutz: Aktiviert
 
15.06.2012 14:23:53
mbam-log-2012-06-15 (14-23-53).txt
 
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410692
Laufzeit: 57 Minute(n), 59 Sekunde(n)
 
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel: 28
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShopperReports.CntntDic (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShopperReports.CntntDisp (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShopperReports.Stock (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShopperReports.Stock.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 
Infizierte Registrierungswerte: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.0.517.0 (Adware.HotBar) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790777B076545430AB92 (Malware.Trace) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ClickPotatoLiteSA (Adware.ClickPotato) -> Daten: "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Daten: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Daten: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt.
 
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse: 19
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christian\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 
Infizierte Dateien: 20
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\CntntCntr.dll (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReportsUninstaller.exe (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christian\AppData\Local\Temp\zodqtnwyxy.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 
(Ende)
         
Eset Online habe ich auch nochmal nach der Anleitung hier im Forum durchlaufen lassen:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ea180e3de878d9408249c1c91e8db8e3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-15 03:57:42
# local_time=2012-06-15 05:57:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 12937568 12937568 0 0
# compatibility_mode=5893 16776573 100 94 1355 91400456 0 0
# compatibility_mode=8192 67108863 100 0 151 151 0 0
# scanned=192671
# found=9
# cleaned=0
# scan_time=5256
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll    a variant of Win32/Toolbar.Babylon application (unable to clean)    00000000000000000000000000000000    I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll    Win32/Toolbar.Babylon application (unable to clean)    00000000000000000000000000000000    I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe    probably a variant of Win32/Toolbar.Babylon application (unable to clean)    00000000000000000000000000000000    I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll    Win32/Toolbar.Babylon application (unable to clean)    00000000000000000000000000000000    I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll    Win32/Toolbar.Babylon application (unable to clean)    00000000000000000000000000000000    I
C:\Users\Christian\AppData\Local\Babylon\Setup\Setup.exe    Win32/Toolbar.Babylon application (unable to clean)    00000000000000000000000000000000    I
C:\Users\Christian\AppData\Local\Temp\7052DBBF-BAB0-7891-B3C2-7D38BE0A4DA8\MyBabylonTB.exe    Win32/Toolbar.Babylon application (unable to clean)    00000000000000000000000000000000    I
C:\Users\Christian\AppData\Local\Temp\7052DBBF-BAB0-7891-B3C2-7D38BE0A4DA8\Setup.exe    Win32/Toolbar.Babylon application (unable to clean)    00000000000000000000000000000000    I
C:\Windows\Installer\f54e34b.msi    a variant of Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
         
Sorry für den zweiten Post - aber irgendwie habe ich den Button zum bearbeiten nicht gefunden

Anscheinend hat mein Bekannter den Verschlüsselungstrojaner 2.00.11 - Die eMail stimmt nahezu überein, die Textdatei auf dem Desktop ebenfalls und die Dateien sind augenscheinlich nicht umbenannt worden. - Hoffe das hilft weiter //diesmal habe ich den "edit" Button gefunden - anderer Post war wohl zu alt :/

Viele Grüße
Thomas

Alt 18.06.2012, 11:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________

Alt 18.06.2012, 13:55   #3
sportsocke
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Hallo Arne,

erst mal danke, dass du mir bei dem Thema helfen willst!

--> Gerade gemerkt, dass ich einen Schritt vergessen habe - Asche auf mein Haupt.... // habs nun aktualisiert angehängt!

Anbei ein neuer OTL Log

OTL Log
Code:
ATTFilter
OTL logfile created on: 18.06.2012 15:14:45 - Run 3
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 58,95% Memory free
7,36 Gb Paging File | 5,67 Gb Available in Paging File | 77,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 322,72 Gb Free Space | 71,29% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,46% Space Free | Partition Type: FAT32
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 16:15:30 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2012.02.08 23:10:36 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.12 18:06:48 | 004,700,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.11.17 18:09:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 16:15:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 16:15:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.24 15:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 07:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.28 04:06:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.06.21 11:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2012.04.23 18:01:07 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes,DefaultScope = {2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=eea245cd00000000000018f46a895e52
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=609ABE12-EA01-4ED9-91A6-0419BDB7AA96&apn_sauid=7C96F8C7-9005-489C-ADF8-1D79730BBAEC
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.22 21:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.22 21:46:40 | 000,000,000 | ---D | M]
 
[2011.02.27 00:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.06.15 16:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions
[2011.09.19 02:42:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com
[2012.06.14 18:43:11 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com
[2012.06.14 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged
[2012.05.09 23:14:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com
[2012.02.01 23:00:50 | 000,002,572 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml
[2012.05.12 00:47:24 | 000,002,468 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml
[2012.06.14 18:43:15 | 000,002,474 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml
[2012.01.13 19:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.13 19:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.01.13 19:30:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.21 07:50:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.19 02:42:28 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.07.21 07:50:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.21 07:50:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.21 07:50:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.07.21 07:50:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! Deutschland (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=827316&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C44FE9DB-6136-40F9-9A08-059A7EF7DD50}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell - "" = AutoRun
O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: AutoStart PC Studio - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NewPCStudio.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig:64bit - StartUpReg: Browser Infrastructure Helper - hkey= - key= - C:\Users\Christian\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
MsConfig:64bit - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: ETDWare - hkey= - key= - C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig:64bit - StartUpReg: MediaGet2 - hkey= - key= - C:\Users\Christian\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.16 13:51:23 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Snapshot Disk Imaging
[2012.06.16 13:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapshot Disk Imaging
[2012.06.16 13:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Snapshot
[2012.06.16 11:12:46 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\www.shadowexplorer.com
[2012.06.16 11:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.06.16 11:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2012.06.15 16:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.15 16:14:58 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.15 14:07:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.06.14 18:40:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.14 18:39:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.14 18:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.14 18:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.05.20 11:21:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 15:02:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.18 14:44:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 14:44:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 14:36:46 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.18 14:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 14:35:45 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.16 22:29:05 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job
[2012.06.16 13:52:33 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.16 13:52:33 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.16 13:52:33 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.16 13:52:33 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.16 13:52:33 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.16 13:51:24 | 000,001,889 | ---- | M] () -- C:\Users\Christian\Desktop\Snapshot.lnk
[2012.06.16 11:12:40 | 000,001,889 | ---- | M] () -- C:\Users\Christian\Desktop\ShadowExplorer.lnk
[2012.06.15 14:18:56 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job
[2012.06.15 14:07:06 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.06.14 18:39:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.14 18:39:20 | 000,001,262 | ---- | M] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk
[2012.06.12 10:13:19 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.05 11:29:54 | 000,001,407 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml
[2012.06.05 11:29:45 | 000,001,043 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
 
========== Files Created - No Company Name ==========
 
[2012.06.16 13:51:24 | 000,001,889 | ---- | C] () -- C:\Users\Christian\Desktop\Snapshot.lnk
[2012.06.16 11:12:40 | 000,001,889 | ---- | C] () -- C:\Users\Christian\Desktop\ShadowExplorer.lnk
[2012.06.15 14:07:06 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2012.06.14 18:39:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.14 18:39:20 | 000,001,262 | ---- | C] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk
[2012.06.05 08:35:31 | 000,001,407 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.02.01 23:36:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.07.21 08:09:13 | 000,937,001 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.03.03 23:02:22 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.03.03 23:02:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.27 00:33:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.25 19:58:17 | 001,527,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.30 11:45:41 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.08.30 11:45:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.08.30 11:45:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.08.30 11:45:40 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.08.30 11:45:39 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
 
========== LOP Check ==========
 
[2011.09.19 02:42:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon
[2011.10.09 07:25:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.04.08 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi
[2012.02.13 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreePDF
[2012.01.19 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0
[2011.12.20 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Get LLC
[2012.06.10 22:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nitro PDF
[2012.04.02 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy
[2011.12.25 23:14:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite
[2012.04.02 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge
[2011.07.21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\QuickScan
[2012.04.23 23:49:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung
[2011.07.09 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy
[2012.06.17 00:29:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client
[2012.06.15 16:15:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify
[2012.04.24 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Temp
[2011.02.25 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP
[2012.06.16 11:12:46 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\www.shadowexplorer.com
[2012.06.15 14:18:56 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job
[2012.06.16 22:29:05 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job
[2012.02.11 00:54:12 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.13 13:11:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Adobe
[2012.04.23 16:39:59 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apple Computer
[2012.01.17 23:49:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Avira
[2011.09.19 02:42:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon
[2011.10.09 07:25:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.02.25 22:03:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\CyberLink
[2011.04.08 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi
[2012.02.13 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreePDF
[2012.01.19 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0
[2011.02.25 19:53:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Identities
[2011.02.25 19:54:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Intel Corporation
[2011.02.25 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Macromedia
[2012.06.14 18:40:06 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Center Programs
[2011.12.20 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Get LLC
[2012.04.23 18:43:32 | 000,000,000 | --SD | M] -- C:\Users\Christian\AppData\Roaming\Microsoft
[2011.02.27 00:33:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla
[2012.06.10 22:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nitro PDF
[2012.04.02 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy
[2011.12.25 23:14:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite
[2012.04.02 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge
[2011.07.21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\QuickScan
[2012.04.23 23:49:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung
[2011.07.09 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy
[2012.06.17 00:29:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client
[2012.06.15 16:15:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify
[2012.04.24 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Temp
[2011.02.25 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP
[2012.06.16 11:12:46 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\www.shadowexplorer.com
 
< %APPDATA%\*.exe /s >
[2011.07.09 01:13:59 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Christian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.03.22 16:04:25 | 003,325,832 | ---- | M] (Ask) -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2012.04.02 15:18:59 | 006,263,712 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\OpenCandy\74F05C1722094B5D854DD3F62F8CBD9C\LinkuryInstallerCHCB_p1v13.exe
[2012.04.24 00:03:17 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Christian\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe
[2012.03.31 04:38:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Christian\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.03.31 04:38:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Christian\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2012.04.23 23:26:13 | 000,069,632 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
[2012.04.23 17:55:03 | 089,280,248 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Christian\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
[2012.05.03 20:20:08 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe
[2012.05.03 20:20:08 | 000,932,528 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.04.13 03:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010.04.13 03:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
Viele Grüße
Thomas
__________________

Geändert von sportsocke (18.06.2012 um 14:28 Uhr)

Alt 18.06.2012, 14:38   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes,DefaultScope = {2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=eea245cd00000000000018f46a895e52
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=609ABE12-EA01-4ED9-91A6-0419BDB7AA96&apn_sauid=7C96F8C7-9005-489C-ADF8-1D79730BBAEC
IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9
FF - user.js - File not found
[2011.09.19 02:42:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com
[2012.06.14 18:43:11 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com
[2012.06.14 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged
[2012.05.09 23:14:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com
[2012.02.01 23:00:50 | 000,002,572 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml
[2012.05.12 00:47:24 | 000,002,468 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml
[2012.06.14 18:43:15 | 000,002,474 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml
[2011.09.19 02:42:28 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell - "" = AutoRun
O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
:Files
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\pdfforge Toolbar
C:\Users\Christian\AppData\Roaming\Babylon
C:\Program Files (x86)\BabylonToolbar
C:\Users\Christian\AppData\Local\Babylon
C:\Program Files (x86)\Application Updater
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.06.2012, 15:11   #5
sportsocke
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Hallo Arne,

ist alles so eingetreten wie du sagtest - anbei das Log aus der nach dem Reboot geöffneten Log datei:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&ilc=12&type=827316" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry" removed from browser.startup.homepage
Prefs.js: helperbar@helperbar.com:1.0 removed from extensions.enabledItems
Prefs.js: ShopperReports@ShopperReports.com:3.0.517.0 removed from extensions.enabledItems
Prefs.js: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.14.1.100009 removed from extensions.enabledItems
Prefs.js: ffxtlbr@babylon.com:1.1.9 removed from extensions.enabledItems
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\components folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\chrome\PublisherImages folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\chrome\images folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com\chrome folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\components folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\chrome\PublisherImages folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\chrome\images folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com\chrome folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged\helperbar@helperbar.com folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-11-Jan-2012-14-05-20-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-09-Mar-2011-13-47-07-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-22-Mar-2011-22-02-37-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-15-Mar-2011-13-42-30-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-07-Jul-2011-22-36-04-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-09-Oct-2011-05-30-17-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-17-Sep-2011-15-22-43-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-14-Nov-2011-11-40-27-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-08-Jul-2011-08-03-26-GMT folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml moved successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml moved successfully.
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav deleted successfully.
C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ApnUpdater\ not found.
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\5.8 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Users\Christian\AppData\Roaming\Babylon folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files (x86)\BabylonToolbar folder moved successfully.
C:\Users\Christian\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Christian\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Christian\AppData\Local\Babylon folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christian
->Temp folder emptied: 674226738 bytes
->Temporary Internet Files folder emptied: 272121877 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 122105985 bytes
->Google Chrome cache emptied: 24190719 bytes
->Flash cache emptied: 214234 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 477020412 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
RecycleBin emptied: 795048465 bytes
 
Total Files Cleaned = 2.256,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Christian
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06182012_160245

Files\Folders moved on Reboot...
C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Darf ich fragen, was ich - bzw. du - da gemacht hast oder würde eine Erklärung den Rahmen sprengen?

Viele Grüße
Thomas


Alt 18.06.2012, 20:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
--> Verschlüsselungs Trojaner - Rechnung von Pearlfection.de

Alt 19.06.2012, 14:05   #7
sportsocke
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Hallo Arne,

anbei das Log vom TDSS Killer - 2 Sachen wurden gefunden:

Code:
ATTFilter
15:01:08.0439 2924	TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
15:01:08.0455 2924	============================================================
15:01:08.0455 2924	Current date / time: 2012/06/19 15:01:08.0455
15:01:08.0455 2924	SystemInfo:
15:01:08.0455 2924	
15:01:08.0455 2924	OS Version: 6.1.7601 ServicePack: 1.0
15:01:08.0455 2924	Product type: Workstation
15:01:08.0455 2924	ComputerName: CHRISTIAN-PC
15:01:08.0455 2924	UserName: Christian
15:01:08.0455 2924	Windows directory: C:\Windows
15:01:08.0455 2924	System windows directory: C:\Windows
15:01:08.0455 2924	Running under WOW64
15:01:08.0455 2924	Processor architecture: Intel x64
15:01:08.0455 2924	Number of processors: 4
15:01:08.0455 2924	Page size: 0x1000
15:01:08.0455 2924	Boot type: Normal boot
15:01:08.0455 2924	============================================================
15:01:09.0999 2924	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:01:09.0999 2924	Drive \Device\Harddisk1\DR1 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:01:09.0999 2924	============================================================
15:01:09.0999 2924	\Device\Harddisk0\DR0:
15:01:09.0999 2924	MBR partitions:
15:01:09.0999 2924	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
15:01:09.0999 2924	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
15:01:09.0999 2924	\Device\Harddisk1\DR1:
15:01:09.0999 2924	MBR partitions:
15:01:09.0999 2924	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x3BA080
15:01:09.0999 2924	============================================================
15:01:10.0030 2924	C: <-> \Device\Harddisk0\DR0\Partition1
15:01:10.0030 2924	============================================================
15:01:10.0030 2924	Initialize success
15:01:10.0030 2924	============================================================
15:01:35.0786 2172	============================================================
15:01:35.0786 2172	Scan started
15:01:35.0786 2172	Mode: Manual; SigCheck; TDLFS; 
15:01:35.0786 2172	============================================================
15:01:36.0301 2172	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:01:36.0425 2172	1394ohci - ok
15:01:36.0503 2172	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:01:36.0535 2172	ACPI - ok
15:01:36.0597 2172	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:01:36.0691 2172	AcpiPmi - ok
15:01:36.0831 2172	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:01:36.0847 2172	AdobeARMservice - ok
15:01:36.0925 2172	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:01:36.0940 2172	adp94xx - ok
15:01:37.0003 2172	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:01:37.0018 2172	adpahci - ok
15:01:37.0049 2172	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:01:37.0049 2172	adpu320 - ok
15:01:37.0096 2172	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:01:37.0237 2172	AeLookupSvc - ok
15:01:37.0315 2172	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:01:37.0377 2172	AFD - ok
15:01:37.0424 2172	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:01:37.0439 2172	agp440 - ok
15:01:37.0471 2172	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:01:37.0689 2172	ALG - ok
15:01:37.0783 2172	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:01:37.0783 2172	aliide - ok
15:01:37.0814 2172	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:01:37.0829 2172	amdide - ok
15:01:37.0845 2172	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:01:37.0907 2172	AmdK8 - ok
15:01:37.0939 2172	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:01:38.0001 2172	AmdPPM - ok
15:01:38.0048 2172	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:01:38.0063 2172	amdsata - ok
15:01:38.0095 2172	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:01:38.0110 2172	amdsbs - ok
15:01:38.0141 2172	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:01:38.0141 2172	amdxata - ok
15:01:38.0251 2172	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:01:38.0266 2172	AntiVirSchedulerService - ok
15:01:38.0297 2172	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:01:38.0313 2172	AntiVirService - ok
15:01:38.0375 2172	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:01:38.0500 2172	AppID - ok
15:01:38.0516 2172	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:01:38.0625 2172	AppIDSvc - ok
15:01:38.0687 2172	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:01:38.0750 2172	Appinfo - ok
15:01:38.0781 2172	Application Updater - ok
15:01:38.0812 2172	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:01:38.0828 2172	arc - ok
15:01:38.0843 2172	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:01:38.0859 2172	arcsas - ok
15:01:38.0890 2172	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:01:38.0968 2172	AsyncMac - ok
15:01:39.0015 2172	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:01:39.0015 2172	atapi - ok
15:01:39.0093 2172	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:01:39.0171 2172	AudioEndpointBuilder - ok
15:01:39.0171 2172	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:01:39.0233 2172	AudioSrv - ok
15:01:39.0280 2172	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
15:01:39.0311 2172	avgntflt - ok
15:01:39.0343 2172	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
15:01:39.0358 2172	avipbb - ok
15:01:39.0389 2172	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:01:39.0405 2172	avkmgr - ok
15:01:39.0467 2172	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:01:39.0561 2172	AxInstSV - ok
15:01:39.0623 2172	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:01:39.0701 2172	b06bdrv - ok
15:01:39.0748 2172	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:01:39.0779 2172	b57nd60a - ok
15:01:39.0951 2172	BBSvc           (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
15:01:39.0967 2172	BBSvc - ok
15:01:40.0013 2172	BBUpdate        (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
15:01:40.0029 2172	BBUpdate - ok
15:01:40.0216 2172	BCM43XX         (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:01:40.0310 2172	BCM43XX - ok
15:01:40.0419 2172	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:01:40.0466 2172	BDESVC - ok
15:01:40.0544 2172	bdfsfltr        (66116e0a4da8407ff7f2aaace52b8b54) C:\Windows\system32\DRIVERS\bdfsfltr.sys
15:01:40.0575 2172	bdfsfltr - ok
15:01:40.0606 2172	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:01:40.0684 2172	Beep - ok
15:01:40.0778 2172	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:01:40.0840 2172	BFE - ok
15:01:40.0918 2172	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:01:40.0996 2172	BITS - ok
15:01:41.0059 2172	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:01:41.0090 2172	blbdrive - ok
15:01:41.0121 2172	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:01:41.0183 2172	bowser - ok
15:01:41.0215 2172	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:01:41.0308 2172	BrFiltLo - ok
15:01:41.0339 2172	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:01:41.0386 2172	BrFiltUp - ok
15:01:41.0417 2172	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:01:41.0480 2172	Browser - ok
15:01:41.0511 2172	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:01:41.0589 2172	Brserid - ok
15:01:41.0620 2172	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:01:41.0651 2172	BrSerWdm - ok
15:01:41.0683 2172	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:01:41.0714 2172	BrUsbMdm - ok
15:01:41.0745 2172	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:01:41.0776 2172	BrUsbSer - ok
15:01:41.0792 2172	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:01:41.0823 2172	BTHMODEM - ok
15:01:41.0870 2172	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:01:41.0932 2172	bthserv - ok
15:01:41.0963 2172	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:01:42.0026 2172	cdfs - ok
15:01:42.0073 2172	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:01:42.0104 2172	cdrom - ok
15:01:42.0166 2172	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:01:42.0229 2172	CertPropSvc - ok
15:01:42.0275 2172	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:01:42.0307 2172	circlass - ok
15:01:42.0353 2172	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:01:42.0369 2172	CLFS - ok
15:01:42.0431 2172	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:01:42.0447 2172	clr_optimization_v2.0.50727_32 - ok
15:01:42.0478 2172	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:01:42.0478 2172	clr_optimization_v2.0.50727_64 - ok
15:01:42.0556 2172	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:01:42.0572 2172	clr_optimization_v4.0.30319_32 - ok
15:01:42.0603 2172	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:01:42.0619 2172	clr_optimization_v4.0.30319_64 - ok
15:01:42.0634 2172	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:01:42.0665 2172	CmBatt - ok
15:01:42.0697 2172	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:01:42.0712 2172	cmdide - ok
15:01:42.0759 2172	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:01:42.0790 2172	CNG - ok
15:01:42.0821 2172	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:01:42.0837 2172	Compbatt - ok
15:01:42.0884 2172	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:01:42.0931 2172	CompositeBus - ok
15:01:42.0946 2172	COMSysApp - ok
15:01:42.0977 2172	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:01:42.0993 2172	crcdisk - ok
15:01:43.0055 2172	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:01:43.0087 2172	CryptSvc - ok
15:01:43.0243 2172	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:01:43.0274 2172	cvhsvc - ok
15:01:43.0352 2172	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:01:43.0414 2172	DcomLaunch - ok
15:01:43.0461 2172	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:01:43.0523 2172	defragsvc - ok
15:01:43.0617 2172	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:01:43.0664 2172	DfsC - ok
15:01:43.0742 2172	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:01:43.0820 2172	Dhcp - ok
15:01:43.0851 2172	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:01:43.0898 2172	discache - ok
15:01:43.0929 2172	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:01:43.0945 2172	Disk - ok
15:01:43.0976 2172	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:01:44.0038 2172	Dnscache - ok
15:01:44.0085 2172	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:01:44.0132 2172	dot3svc - ok
15:01:44.0179 2172	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:01:44.0241 2172	DPS - ok
15:01:44.0257 2172	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:01:44.0303 2172	drmkaud - ok
15:01:44.0381 2172	DsiWMIService   (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:01:44.0397 2172	DsiWMIService - ok
15:01:44.0475 2172	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:01:44.0491 2172	DXGKrnl - ok
15:01:44.0537 2172	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:01:44.0600 2172	EapHost - ok
15:01:44.0756 2172	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:01:44.0834 2172	ebdrv - ok
15:01:44.0959 2172	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:01:45.0005 2172	EFS - ok
15:01:45.0115 2172	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:01:45.0177 2172	ehRecvr - ok
15:01:45.0208 2172	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:01:45.0271 2172	ehSched - ok
15:01:45.0349 2172	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:01:45.0380 2172	elxstor - ok
15:01:45.0489 2172	ePowerSvc       (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
15:01:45.0505 2172	ePowerSvc - ok
15:01:45.0598 2172	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:01:45.0629 2172	ErrDev - ok
15:01:45.0676 2172	ETD             (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys
15:01:45.0692 2172	ETD - ok
15:01:45.0739 2172	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:01:45.0801 2172	EventSystem - ok
15:01:45.0817 2172	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:01:45.0879 2172	exfat - ok
15:01:45.0910 2172	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:01:45.0973 2172	fastfat - ok
15:01:46.0051 2172	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:01:46.0129 2172	Fax - ok
15:01:46.0160 2172	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:01:46.0207 2172	fdc - ok
15:01:46.0238 2172	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:01:46.0300 2172	fdPHost - ok
15:01:46.0331 2172	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:01:46.0394 2172	FDResPub - ok
15:01:46.0425 2172	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:01:46.0441 2172	FileInfo - ok
15:01:46.0456 2172	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:01:46.0519 2172	Filetrace - ok
15:01:46.0597 2172	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:01:46.0628 2172	FLEXnet Licensing Service - ok
15:01:46.0628 2172	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:01:46.0675 2172	flpydisk - ok
15:01:46.0721 2172	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:01:46.0737 2172	FltMgr - ok
15:01:46.0799 2172	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:01:46.0862 2172	FontCache - ok
15:01:46.0940 2172	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:01:46.0955 2172	FontCache3.0.0.0 - ok
15:01:47.0002 2172	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:01:47.0018 2172	FsDepends - ok
15:01:47.0065 2172	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:01:47.0065 2172	Fs_Rec - ok
15:01:47.0127 2172	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:01:47.0143 2172	fvevol - ok
15:01:47.0174 2172	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:01:47.0174 2172	gagp30kx - ok
15:01:47.0252 2172	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:01:47.0314 2172	gpsvc - ok
15:01:47.0392 2172	GREGService     (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
15:01:47.0408 2172	GREGService - ok
15:01:47.0470 2172	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:01:47.0486 2172	gupdate - ok
15:01:47.0501 2172	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:01:47.0501 2172	gupdatem - ok
15:01:47.0533 2172	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:01:47.0595 2172	hcw85cir - ok
15:01:47.0642 2172	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:01:47.0673 2172	HdAudAddService - ok
15:01:47.0720 2172	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:01:47.0751 2172	HDAudBus - ok
15:01:47.0798 2172	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:01:47.0813 2172	HECIx64 - ok
15:01:47.0829 2172	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:01:47.0860 2172	HidBatt - ok
15:01:47.0891 2172	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:01:47.0923 2172	HidBth - ok
15:01:47.0954 2172	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:01:47.0985 2172	HidIr - ok
15:01:48.0032 2172	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:01:48.0079 2172	hidserv - ok
15:01:48.0141 2172	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:01:48.0157 2172	HidUsb - ok
15:01:48.0188 2172	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:01:48.0250 2172	hkmsvc - ok
15:01:48.0297 2172	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:01:48.0359 2172	HomeGroupListener - ok
15:01:48.0406 2172	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:01:48.0437 2172	HomeGroupProvider - ok
15:01:48.0484 2172	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:01:48.0484 2172	HpSAMD - ok
15:01:48.0578 2172	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:01:48.0640 2172	HTTP - ok
15:01:48.0703 2172	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:01:48.0703 2172	hwpolicy - ok
15:01:48.0734 2172	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:01:48.0749 2172	i8042prt - ok
15:01:48.0796 2172	iaStor          (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
15:01:48.0812 2172	iaStor - ok
15:01:48.0890 2172	IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:01:48.0905 2172	IAStorDataMgrSvc - ok
15:01:48.0968 2172	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:01:48.0983 2172	iaStorV - ok
15:01:49.0108 2172	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:01:49.0139 2172	idsvc - ok
15:01:49.0545 2172	igfx            (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:01:49.0873 2172	igfx - ok
15:01:49.0966 2172	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:01:49.0982 2172	iirsp - ok
15:01:50.0060 2172	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:01:50.0122 2172	IKEEXT - ok
15:01:50.0169 2172	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
15:01:50.0231 2172	Impcd - ok
15:01:50.0372 2172	IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
15:01:50.0434 2172	IntcAzAudAddService - ok
15:01:50.0575 2172	IntcDAud        (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:01:50.0637 2172	IntcDAud - ok
15:01:50.0668 2172	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:01:50.0684 2172	intelide - ok
15:01:50.0715 2172	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:01:50.0746 2172	intelppm - ok
15:01:50.0793 2172	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:01:50.0840 2172	IPBusEnum - ok
15:01:50.0871 2172	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:01:50.0933 2172	IpFilterDriver - ok
15:01:50.0996 2172	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:01:51.0058 2172	iphlpsvc - ok
15:01:51.0089 2172	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:01:51.0136 2172	IPMIDRV - ok
15:01:51.0167 2172	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:01:51.0214 2172	IPNAT - ok
15:01:51.0261 2172	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:01:51.0339 2172	IRENUM - ok
15:01:51.0355 2172	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:01:51.0370 2172	isapnp - ok
15:01:51.0417 2172	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:01:51.0433 2172	iScsiPrt - ok
15:01:51.0511 2172	k57nd60a        (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:01:51.0526 2172	k57nd60a - ok
15:01:51.0573 2172	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:01:51.0589 2172	kbdclass - ok
15:01:51.0620 2172	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:01:51.0651 2172	kbdhid - ok
15:01:51.0682 2172	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:01:51.0698 2172	KeyIso - ok
15:01:51.0713 2172	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:01:51.0729 2172	KSecDD - ok
15:01:51.0745 2172	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:01:51.0760 2172	KSecPkg - ok
15:01:51.0791 2172	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:01:51.0854 2172	ksthunk - ok
15:01:51.0885 2172	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:01:51.0932 2172	KtmRm - ok
15:01:51.0994 2172	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:01:52.0057 2172	LanmanServer - ok
15:01:52.0088 2172	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:01:52.0135 2172	LanmanWorkstation - ok
15:01:52.0166 2172	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:01:52.0244 2172	lltdio - ok
15:01:52.0291 2172	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:01:52.0337 2172	lltdsvc - ok
15:01:52.0369 2172	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:01:52.0431 2172	lmhosts - ok
15:01:52.0509 2172	LMS             (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:01:52.0540 2172	LMS - ok
15:01:52.0587 2172	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:01:52.0603 2172	LSI_FC - ok
15:01:52.0603 2172	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:01:52.0618 2172	LSI_SAS - ok
15:01:52.0634 2172	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:01:52.0649 2172	LSI_SAS2 - ok
15:01:52.0681 2172	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:01:52.0681 2172	LSI_SCSI - ok
15:01:52.0712 2172	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:01:52.0759 2172	luafv - ok
15:01:52.0821 2172	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:01:52.0837 2172	MBAMProtector - ok
15:01:52.0915 2172	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:01:52.0946 2172	MBAMService - ok
15:01:52.0993 2172	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
15:01:53.0024 2172	McComponentHostService - ok
15:01:53.0039 2172	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:01:53.0086 2172	Mcx2Svc - ok
15:01:53.0117 2172	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:01:53.0133 2172	megasas - ok
15:01:53.0164 2172	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:01:53.0180 2172	MegaSR - ok
15:01:53.0211 2172	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:01:53.0273 2172	MMCSS - ok
15:01:53.0289 2172	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:01:53.0351 2172	Modem - ok
15:01:53.0398 2172	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:01:53.0429 2172	monitor - ok
15:01:53.0476 2172	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:01:53.0492 2172	mouclass - ok
15:01:53.0523 2172	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:01:53.0539 2172	mouhid - ok
15:01:53.0570 2172	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:01:53.0585 2172	mountmgr - ok
15:01:53.0632 2172	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:01:53.0632 2172	mpio - ok
15:01:53.0663 2172	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:01:53.0710 2172	mpsdrv - ok
15:01:53.0788 2172	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:01:53.0866 2172	MpsSvc - ok
15:01:53.0929 2172	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:01:53.0975 2172	MRxDAV - ok
15:01:54.0007 2172	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:01:54.0038 2172	mrxsmb - ok
15:01:54.0069 2172	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:01:54.0116 2172	mrxsmb10 - ok
15:01:54.0147 2172	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:01:54.0163 2172	mrxsmb20 - ok
15:01:54.0209 2172	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:01:54.0209 2172	msahci - ok
15:01:54.0241 2172	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:01:54.0256 2172	msdsm - ok
15:01:54.0287 2172	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:01:54.0303 2172	MSDTC - ok
15:01:54.0350 2172	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:01:54.0381 2172	Msfs - ok
15:01:54.0397 2172	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:01:54.0443 2172	mshidkmdf - ok
15:01:54.0475 2172	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:01:54.0490 2172	msisadrv - ok
15:01:54.0537 2172	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:01:54.0599 2172	MSiSCSI - ok
15:01:54.0599 2172	msiserver - ok
15:01:54.0631 2172	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:01:54.0693 2172	MSKSSRV - ok
15:01:54.0724 2172	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:01:54.0755 2172	MSPCLOCK - ok
15:01:54.0771 2172	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:01:54.0849 2172	MSPQM - ok
15:01:54.0896 2172	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:01:54.0911 2172	MsRPC - ok
15:01:54.0943 2172	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:01:54.0958 2172	mssmbios - ok
15:01:54.0989 2172	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:01:55.0052 2172	MSTEE - ok
15:01:55.0083 2172	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:01:55.0114 2172	MTConfig - ok
15:01:55.0145 2172	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:01:55.0161 2172	Mup - ok
15:01:55.0192 2172	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:01:55.0208 2172	mwlPSDFilter - ok
15:01:55.0223 2172	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:01:55.0239 2172	mwlPSDNServ - ok
15:01:55.0255 2172	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:01:55.0270 2172	mwlPSDVDisk - ok
15:01:55.0348 2172	MWLService      (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
15:01:55.0364 2172	MWLService - ok
15:01:55.0411 2172	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:01:55.0489 2172	napagent - ok
15:01:55.0535 2172	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:01:55.0582 2172	NativeWifiP - ok
15:01:55.0645 2172	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:01:55.0660 2172	NDIS - ok
15:01:55.0707 2172	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:01:55.0738 2172	NdisCap - ok
15:01:55.0769 2172	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:01:55.0832 2172	NdisTapi - ok
15:01:55.0879 2172	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:01:55.0925 2172	Ndisuio - ok
15:01:55.0972 2172	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:01:56.0003 2172	NdisWan - ok
15:01:56.0050 2172	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:01:56.0097 2172	NDProxy - ok
15:01:56.0128 2172	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:01:56.0206 2172	NetBIOS - ok
15:01:56.0253 2172	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:01:56.0331 2172	NetBT - ok
15:01:56.0362 2172	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:01:56.0378 2172	Netlogon - ok
15:01:56.0425 2172	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:01:56.0471 2172	Netman - ok
15:01:56.0518 2172	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:01:56.0565 2172	netprofm - ok
15:01:56.0643 2172	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:01:56.0643 2172	NetTcpPortSharing - ok
15:01:56.0674 2172	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:01:56.0690 2172	nfrd960 - ok
15:01:56.0799 2172	NitroReaderDriverReadSpool2 (12d44fd546e32a4201cf3daaf5298ac2) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
15:01:56.0815 2172	NitroReaderDriverReadSpool2 - ok
15:01:56.0877 2172	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:01:56.0939 2172	NlaSvc - ok
15:01:57.0205 2172	NOBU            (f5f03fabef7df53a1c78ee6cd8e7ae41) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:01:57.0283 2172	NOBU - ok
15:01:57.0376 2172	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:01:57.0423 2172	Npfs - ok
15:01:57.0454 2172	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:01:57.0485 2172	nsi - ok
15:01:57.0501 2172	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:01:57.0563 2172	nsiproxy - ok
15:01:57.0641 2172	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:01:57.0688 2172	Ntfs - ok
15:01:57.0782 2172	NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
15:01:57.0782 2172	NTI IScheduleSvc - ok
15:01:57.0875 2172	NTIDrvr         (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
15:01:57.0891 2172	NTIDrvr - ok
15:01:57.0891 2172	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:01:57.0969 2172	Null - ok
15:01:58.0484 2172	nvlddmkm        (5c3416c9f61809bbdffe6fac0c252520) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:01:58.0858 2172	nvlddmkm - ok
15:01:58.0983 2172	nvpciflt        (10ea8a8bb2978c510f5892fcce62b00d) C:\Windows\system32\DRIVERS\nvpciflt.sys
15:01:58.0999 2172	nvpciflt - ok
15:01:59.0045 2172	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:01:59.0061 2172	nvraid - ok
15:01:59.0077 2172	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:01:59.0092 2172	nvstor - ok
15:01:59.0139 2172	nvsvc           (d9617ef20708dcee76828865122b560f) C:\Windows\system32\nvvsvc.exe
15:01:59.0155 2172	nvsvc - ok
15:01:59.0279 2172	nvUpdatusService (2848e9b51c7a5d3efad44de9834c1d74) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:01:59.0326 2172	nvUpdatusService - ok
15:01:59.0420 2172	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:01:59.0435 2172	nv_agp - ok
15:01:59.0451 2172	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:01:59.0482 2172	ohci1394 - ok
15:01:59.0560 2172	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:01:59.0560 2172	ose - ok
15:01:59.0857 2172	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:01:59.0935 2172	osppsvc - ok
15:02:00.0028 2172	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:02:00.0137 2172	p2pimsvc - ok
15:02:00.0184 2172	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:02:00.0200 2172	p2psvc - ok
15:02:00.0262 2172	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:02:00.0340 2172	Parport - ok
15:02:00.0403 2172	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:02:00.0418 2172	partmgr - ok
15:02:00.0481 2172	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:02:00.0559 2172	PcaSvc - ok
15:02:00.0621 2172	pccsmcfd        (81b5e63131090879ad6ef9f32109b88d) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:02:00.0637 2172	pccsmcfd - ok
15:02:00.0668 2172	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:02:00.0683 2172	pci - ok
15:02:00.0699 2172	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:02:00.0715 2172	pciide - ok
15:02:00.0777 2172	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:02:00.0793 2172	pcmcia - ok
15:02:00.0808 2172	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:02:00.0824 2172	pcw - ok
15:02:00.0902 2172	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:02:00.0964 2172	PEAUTH - ok
15:02:01.0011 2172	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:02:01.0042 2172	PerfHost - ok
15:02:01.0136 2172	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:02:01.0214 2172	pla - ok
15:02:01.0276 2172	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:02:01.0339 2172	PlugPlay - ok
15:02:01.0370 2172	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:02:01.0385 2172	PNRPAutoReg - ok
15:02:01.0417 2172	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:02:01.0432 2172	PNRPsvc - ok
15:02:01.0495 2172	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:02:01.0557 2172	PolicyAgent - ok
15:02:01.0588 2172	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:02:01.0635 2172	Power - ok
15:02:01.0697 2172	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:02:01.0744 2172	PptpMiniport - ok
15:02:01.0775 2172	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:02:01.0807 2172	Processor - ok
15:02:01.0853 2172	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:02:01.0931 2172	ProfSvc - ok
15:02:01.0963 2172	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:02:01.0978 2172	ProtectedStorage - ok
15:02:02.0025 2172	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:02:02.0087 2172	Psched - ok
15:02:02.0165 2172	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:02:02.0212 2172	ql2300 - ok
15:02:02.0306 2172	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:02:02.0321 2172	ql40xx - ok
15:02:02.0353 2172	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:02:02.0368 2172	QWAVE - ok
15:02:02.0384 2172	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:02:02.0415 2172	QWAVEdrv - ok
15:02:02.0540 2172	RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
15:02:02.0540 2172	RapiMgr - ok
15:02:02.0571 2172	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:02:02.0633 2172	RasAcd - ok
15:02:02.0665 2172	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:02:02.0711 2172	RasAgileVpn - ok
15:02:02.0727 2172	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:02:02.0774 2172	RasAuto - ok
15:02:02.0805 2172	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:02:02.0867 2172	Rasl2tp - ok
15:02:02.0914 2172	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:02:02.0977 2172	RasMan - ok
15:02:03.0023 2172	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:02:03.0070 2172	RasPppoe - ok
15:02:03.0086 2172	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:02:03.0148 2172	RasSstp - ok
15:02:03.0195 2172	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:02:03.0226 2172	rdbss - ok
15:02:03.0242 2172	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:02:03.0257 2172	rdpbus - ok
15:02:03.0273 2172	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:02:03.0335 2172	RDPCDD - ok
15:02:03.0367 2172	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:02:03.0413 2172	RDPENCDD - ok
15:02:03.0445 2172	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:02:03.0491 2172	RDPREFMP - ok
15:02:03.0523 2172	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:02:03.0585 2172	RDPWD - ok
15:02:03.0663 2172	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:02:03.0679 2172	rdyboost - ok
15:02:03.0710 2172	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:02:03.0757 2172	RemoteAccess - ok
15:02:03.0819 2172	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:02:03.0881 2172	RemoteRegistry - ok
15:02:03.0913 2172	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:02:03.0991 2172	RpcEptMapper - ok
15:02:04.0022 2172	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:02:04.0037 2172	RpcLocator - ok
15:02:04.0100 2172	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:02:04.0147 2172	RpcSs - ok
15:02:04.0162 2172	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:02:04.0225 2172	rspndr - ok
15:02:04.0271 2172	RSUSBSTOR       (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
15:02:04.0287 2172	RSUSBSTOR - ok
15:02:04.0334 2172	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:02:04.0334 2172	SamSs - ok
15:02:04.0381 2172	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:02:04.0396 2172	sbp2port - ok
15:02:04.0552 2172	SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:02:04.0583 2172	SBSDWSCService - ok
15:02:04.0599 2172	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:02:04.0646 2172	SCardSvr - ok
15:02:04.0693 2172	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:02:04.0755 2172	scfilter - ok
15:02:04.0833 2172	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:02:04.0895 2172	Schedule - ok
15:02:04.0927 2172	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:02:04.0973 2172	SCPolicySvc - ok
15:02:04.0989 2172	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:02:05.0020 2172	SDRSVC - ok
15:02:05.0083 2172	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:02:05.0145 2172	secdrv - ok
15:02:05.0176 2172	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:02:05.0223 2172	seclogon - ok
15:02:05.0254 2172	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:02:05.0317 2172	SENS - ok
15:02:05.0332 2172	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:02:05.0395 2172	SensrSvc - ok
15:02:05.0410 2172	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:02:05.0441 2172	Serenum - ok
15:02:05.0488 2172	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:02:05.0504 2172	Serial - ok
15:02:05.0535 2172	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:02:05.0566 2172	sermouse - ok
15:02:05.0707 2172	ServiceLayer    (9d38320bb32230349379df5ddbbf7fce) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:02:05.0738 2172	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
15:02:05.0738 2172	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
15:02:05.0785 2172	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:02:05.0831 2172	SessionEnv - ok
15:02:05.0909 2172	sesvc           (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
15:02:05.0925 2172	sesvc ( UnsignedFile.Multi.Generic ) - warning
15:02:05.0925 2172	sesvc - detected UnsignedFile.Multi.Generic (1)
15:02:05.0972 2172	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:02:06.0034 2172	sffdisk - ok
15:02:06.0034 2172	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:02:06.0065 2172	sffp_mmc - ok
15:02:06.0097 2172	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:02:06.0128 2172	sffp_sd - ok
15:02:06.0159 2172	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:02:06.0175 2172	sfloppy - ok
15:02:06.0237 2172	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:02:06.0253 2172	Sftfs - ok
15:02:06.0331 2172	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:02:06.0362 2172	sftlist - ok
15:02:06.0393 2172	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:02:06.0393 2172	Sftplay - ok
15:02:06.0424 2172	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:02:06.0424 2172	Sftredir - ok
15:02:06.0455 2172	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:02:06.0471 2172	Sftvol - ok
15:02:06.0518 2172	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:02:06.0533 2172	sftvsa - ok
15:02:06.0580 2172	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:02:06.0643 2172	SharedAccess - ok
15:02:06.0689 2172	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:02:06.0767 2172	ShellHWDetection - ok
15:02:06.0814 2172	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:02:06.0814 2172	SiSRaid2 - ok
15:02:06.0830 2172	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:02:06.0845 2172	SiSRaid4 - ok
15:02:06.0877 2172	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:02:06.0923 2172	Smb - ok
15:02:06.0970 2172	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:02:07.0001 2172	SNMPTRAP - ok
15:02:07.0033 2172	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:02:07.0033 2172	spldr - ok
15:02:07.0111 2172	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:02:07.0142 2172	Spooler - ok
15:02:07.0298 2172	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:02:07.0423 2172	sppsvc - ok
15:02:07.0516 2172	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:02:07.0563 2172	sppuinotify - ok
15:02:07.0625 2172	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:02:07.0688 2172	srv - ok
15:02:07.0735 2172	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:02:07.0766 2172	srv2 - ok
15:02:07.0813 2172	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:02:07.0828 2172	srvnet - ok
15:02:07.0859 2172	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:02:07.0922 2172	SSDPSRV - ok
15:02:07.0953 2172	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:02:08.0000 2172	SstpSvc - ok
15:02:08.0078 2172	ss_bbus         (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
15:02:08.0093 2172	ss_bbus - ok
15:02:08.0171 2172	ss_bmdfl        (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
15:02:08.0187 2172	ss_bmdfl - ok
15:02:08.0218 2172	ss_bmdm         (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
15:02:08.0234 2172	ss_bmdm - ok
15:02:08.0265 2172	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:02:08.0281 2172	stexstor - ok
15:02:08.0327 2172	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:02:08.0374 2172	stisvc - ok
15:02:08.0405 2172	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:02:08.0421 2172	swenum - ok
15:02:08.0468 2172	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:02:08.0515 2172	swprv - ok
15:02:08.0608 2172	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:02:08.0671 2172	SysMain - ok
15:02:08.0827 2172	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:02:08.0889 2172	TabletInputService - ok
15:02:08.0936 2172	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:02:08.0998 2172	TapiSrv - ok
15:02:09.0014 2172	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:02:09.0076 2172	TBS - ok
15:02:09.0217 2172	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:02:09.0263 2172	Tcpip - ok
15:02:09.0451 2172	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:02:09.0497 2172	TCPIP6 - ok
15:02:09.0591 2172	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:02:09.0653 2172	tcpipreg - ok
15:02:09.0685 2172	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:02:09.0731 2172	TDPIPE - ok
15:02:09.0747 2172	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:02:09.0778 2172	TDTCP - ok
15:02:09.0825 2172	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:02:09.0872 2172	tdx - ok
15:02:09.0903 2172	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:02:09.0919 2172	TermDD - ok
15:02:09.0950 2172	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:02:10.0028 2172	TermService - ok
15:02:10.0059 2172	TFsExDisk - ok
15:02:10.0075 2172	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:02:10.0090 2172	Themes - ok
15:02:10.0121 2172	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:02:10.0168 2172	THREADORDER - ok
15:02:10.0184 2172	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:02:10.0231 2172	TrkWks - ok
15:02:10.0309 2172	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:02:10.0355 2172	TrustedInstaller - ok
15:02:10.0402 2172	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:02:10.0449 2172	tssecsrv - ok
15:02:10.0511 2172	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:02:10.0527 2172	TsUsbFlt - ok
15:02:10.0589 2172	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:02:10.0652 2172	tunnel - ok
15:02:10.0683 2172	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:02:10.0683 2172	uagp35 - ok
15:02:10.0714 2172	UBHelper        (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
15:02:10.0730 2172	UBHelper - ok
15:02:10.0777 2172	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:02:10.0839 2172	udfs - ok
15:02:10.0870 2172	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:02:10.0917 2172	UI0Detect - ok
15:02:10.0948 2172	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:02:10.0964 2172	uliagpkx - ok
15:02:10.0995 2172	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:02:11.0042 2172	umbus - ok
15:02:11.0073 2172	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:02:11.0104 2172	UmPass - ok
15:02:11.0276 2172	UNS             (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:02:11.0323 2172	UNS - ok
15:02:11.0385 2172	Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:02:11.0401 2172	Updater Service - ok
15:02:11.0494 2172	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:02:11.0557 2172	upnphost - ok
15:02:11.0603 2172	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:02:11.0666 2172	usbccgp - ok
15:02:11.0681 2172	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:02:11.0728 2172	usbcir - ok
15:02:11.0744 2172	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:02:11.0775 2172	usbehci - ok
15:02:11.0837 2172	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:02:11.0869 2172	usbhub - ok
15:02:11.0900 2172	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:02:11.0947 2172	usbohci - ok
15:02:11.0978 2172	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:02:12.0009 2172	usbprint - ok
15:02:12.0056 2172	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:02:12.0118 2172	USBSTOR - ok
15:02:12.0134 2172	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:02:12.0165 2172	usbuhci - ok
15:02:12.0227 2172	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:02:12.0259 2172	usbvideo - ok
15:02:12.0290 2172	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:02:12.0352 2172	UxSms - ok
15:02:12.0383 2172	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:02:12.0399 2172	VaultSvc - ok
15:02:12.0415 2172	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:02:12.0430 2172	vdrvroot - ok
15:02:12.0493 2172	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:02:12.0555 2172	vds - ok
15:02:12.0586 2172	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:02:12.0617 2172	vga - ok
15:02:12.0633 2172	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:02:12.0680 2172	VgaSave - ok
15:02:12.0711 2172	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:02:12.0727 2172	vhdmp - ok
15:02:12.0742 2172	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:02:12.0758 2172	viaide - ok
15:02:12.0789 2172	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:02:12.0789 2172	volmgr - ok
15:02:12.0851 2172	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:02:12.0867 2172	volmgrx - ok
15:02:12.0914 2172	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:02:12.0929 2172	volsnap - ok
15:02:12.0976 2172	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:02:12.0992 2172	vsmraid - ok
15:02:13.0070 2172	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:02:13.0148 2172	VSS - ok
15:02:13.0241 2172	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:02:13.0288 2172	vwifibus - ok
15:02:13.0304 2172	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:02:13.0335 2172	vwififlt - ok
15:02:13.0366 2172	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:02:13.0397 2172	vwifimp - ok
15:02:13.0444 2172	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:02:13.0491 2172	W32Time - ok
15:02:13.0522 2172	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:02:13.0585 2172	WacomPen - ok
15:02:13.0631 2172	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:02:13.0678 2172	WANARP - ok
15:02:13.0678 2172	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:02:13.0725 2172	Wanarpv6 - ok
15:02:13.0943 2172	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:02:13.0975 2172	WatAdminSvc - ok
15:02:14.0068 2172	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:02:14.0131 2172	wbengine - ok
15:02:14.0209 2172	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:02:14.0255 2172	WbioSrvc - ok
15:02:14.0380 2172	WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
15:02:14.0396 2172	WcesComm - ok
15:02:14.0458 2172	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:02:14.0505 2172	wcncsvc - ok
15:02:14.0536 2172	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:02:14.0583 2172	WcsPlugInService - ok
15:02:14.0630 2172	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:02:14.0645 2172	Wd - ok
15:02:14.0677 2172	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:02:14.0708 2172	Wdf01000 - ok
15:02:14.0723 2172	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:02:14.0817 2172	WdiServiceHost - ok
15:02:14.0817 2172	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:02:14.0848 2172	WdiSystemHost - ok
15:02:14.0895 2172	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:02:14.0926 2172	WebClient - ok
15:02:14.0957 2172	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:02:15.0020 2172	Wecsvc - ok
15:02:15.0035 2172	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:02:15.0098 2172	wercplsupport - ok
15:02:15.0129 2172	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:02:15.0191 2172	WerSvc - ok
15:02:15.0254 2172	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:02:15.0285 2172	WfpLwf - ok
15:02:15.0301 2172	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:02:15.0316 2172	WIMMount - ok
15:02:15.0363 2172	WinDefend - ok
15:02:15.0363 2172	WinHttpAutoProxySvc - ok
15:02:15.0425 2172	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:02:15.0472 2172	Winmgmt - ok
15:02:15.0597 2172	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:02:15.0691 2172	WinRM - ok
15:02:15.0831 2172	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:02:15.0847 2172	WinUsb - ok
15:02:15.0925 2172	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:02:15.0940 2172	Wlansvc - ok
15:02:15.0987 2172	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:02:15.0987 2172	WmiAcpi - ok
15:02:16.0049 2172	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:02:16.0081 2172	wmiApSrv - ok
15:02:16.0143 2172	WMPNetworkSvc - ok
15:02:16.0174 2172	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:02:16.0190 2172	WPCSvc - ok
15:02:16.0237 2172	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:02:16.0252 2172	WPDBusEnum - ok
15:02:16.0283 2172	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:02:16.0330 2172	ws2ifsl - ok
15:02:16.0346 2172	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:02:16.0361 2172	wscsvc - ok
15:02:16.0361 2172	WSearch - ok
15:02:16.0502 2172	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:02:16.0564 2172	wuauserv - ok
15:02:16.0673 2172	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:02:16.0736 2172	WudfPf - ok
15:02:16.0798 2172	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:02:16.0829 2172	WUDFRd - ok
15:02:16.0876 2172	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:02:16.0907 2172	wudfsvc - ok
15:02:16.0939 2172	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:02:17.0017 2172	WwanSvc - ok
15:02:17.0063 2172	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:02:17.0485 2172	\Device\Harddisk0\DR0 - ok
15:02:17.0485 2172	MBR (0x1B8)     (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR1
15:02:27.0219 2172	\Device\Harddisk1\DR1 - ok
15:02:27.0219 2172	Boot (0x1200)   (d11a3c0d755b08870c6636a38d27480c) \Device\Harddisk0\DR0\Partition0
15:02:27.0219 2172	\Device\Harddisk0\DR0\Partition0 - ok
15:02:27.0235 2172	Boot (0x1200)   (d5595b2c1d606b6bfbec330ae1844bef) \Device\Harddisk0\DR0\Partition1
15:02:27.0235 2172	\Device\Harddisk0\DR0\Partition1 - ok
15:02:27.0250 2172	Boot (0x1200)   (3788bffe46a880db33de5065e49ec0f3) \Device\Harddisk1\DR1\Partition0
15:02:27.0250 2172	\Device\Harddisk1\DR1\Partition0 - ok
15:02:27.0250 2172	============================================================
15:02:27.0250 2172	Scan finished
15:02:27.0250 2172	============================================================
15:02:27.0266 3784	Detected object count: 2
15:02:27.0266 3784	Actual detected object count: 2
15:02:45.0924 3784	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:45.0924 3784	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:02:45.0924 3784	sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:45.0924 3784	sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Viele Grüße
Thomas

Alt 19.06.2012, 21:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.06.2012, 15:27   #9
sportsocke
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Hallo Arne,

anbei das Log von Combofix - habe leider zu voreilig das Programm von einem USB Stick gestartet - hoffe, dass es keine Beeinträchtigung mit sich gezogen hat :/

Code:
ATTFilter
ComboFix 12-06-20.01 - Christian 20.06.2012  16:09:55.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3767.2374 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120620160421.109999
c:\programdata\boost_interprocess\20120620160421.109999\Nobu64AgentService
c:\programdata\boost_interprocess\20120620160421.109999\Nobu64TrayIcon
c:\programdata\FullRemove.exe
c:\users\Christian\1043.MST
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-20 bis 2012-06-20  ))))))))))))))))))))))))))))))
.
.
2012-06-18 14:02 . 2012-06-18 14:02	--------	d-----w-	C:\_OTL
2012-06-16 11:51 . 2012-06-16 11:51	--------	d-----w-	c:\program files (x86)\Snapshot
2012-06-16 09:12 . 2012-06-16 09:12	--------	d-----w-	c:\users\Christian\AppData\Roaming\www.shadowexplorer.com
2012-06-16 09:12 . 2012-06-16 09:12	--------	d-----w-	c:\program files (x86)\ShadowExplorer
2012-06-15 14:27 . 2012-06-15 14:27	--------	d-----w-	c:\program files (x86)\ESET
2012-06-14 16:40 . 2012-06-14 16:40	--------	d-----w-	c:\users\Christian\AppData\Roaming\Malwarebytes
2012-06-14 16:39 . 2012-06-14 16:39	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-14 16:39 . 2012-06-14 16:39	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-14 16:39 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-14 16:39 . 2012-06-18 14:02	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-06-14 16:39 . 2012-06-14 16:52	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-06-12 14:54 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED6FBDC8-40CE-4BF0-B23C-E7579D679CB1}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 14:15 . 2012-01-17 21:44	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 14:15 . 2012-01-17 21:44	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-23 16:01 . 2011-12-25 21:10	24064	----a-w-	c:\windows\SysWow64\FsExService64.Exe
2012-04-23 16:01 . 2011-12-25 21:10	16392	----a-w-	c:\windows\SysWow64\drivers\TFsExDisk.Sys
2012-04-23 16:00 . 2007-10-25 16:26	5632	----a-w-	c:\windows\SysWow64\drivers\StarOpen.sys
2012-04-22 19:59 . 2012-04-22 19:59	3686400	----a-w-	c:\users\Christian\Samsung New PC Studio USB Driver Installer.msi
2012-03-31 06:05 . 2012-05-09 22:37	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-09 22:37	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 22:37	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-09 22:37	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-09 22:37	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-28 20:11 . 2012-04-23 21:48	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2012-03-28 20:11 . 2012-03-28 20:11	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-03-28 20:11 . 2012-03-28 20:11	325552	----a-w-	c:\windows\MASetupCaller.dll
2012-03-28 20:11 . 2012-03-28 20:11	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-03-28 20:11 . 2012-03-28 20:11	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2012-03-28 20:11 . 2012-03-28 20:11	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2012-03-28 20:11 . 2012-03-28 20:11	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2012-03-28 20:11 . 2012-03-28 20:11	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2012-03-28 20:11 . 2012-03-28 20:11	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
2012-03-28 20:11 . 2012-03-28 20:11	49152	----a-w-	c:\windows\SysWow64\MaJGUILib.dll
2012-03-28 20:11 . 2012-03-28 20:11	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2012-03-28 20:11 . 2012-03-28 20:11	45056	----a-w-	c:\windows\SysWow64\MaXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11	45056	----a-w-	c:\windows\SysWow64\MACXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11	40960	----a-w-	c:\windows\SysWow64\MTTELECHIP.dll
2012-03-28 20:11 . 2012-03-28 20:11	352256	----a-w-	c:\windows\SysWow64\MSLUR71.dll
2012-03-28 20:11 . 2012-03-28 20:11	258048	----a-w-	c:\windows\SysWow64\muzoggsp.ax
2012-03-28 20:11 . 2012-03-28 20:11	245760	----a-w-	c:\windows\SysWow64\MSCLib.dll
2012-03-28 20:11 . 2012-03-28 20:11	24576	----a-w-	c:\windows\SysWow64\MASetupCleaner.exe
2012-03-28 20:11 . 2012-03-28 20:11	200704	----a-w-	c:\windows\SysWow64\muzwmts.dll
2012-03-28 20:11 . 2012-03-28 20:11	155648	----a-w-	c:\windows\SysWow64\MSFLib.dll
2012-03-28 20:11 . 2012-03-28 20:11	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2012-03-28 20:11 . 2012-03-28 20:11	135168	----a-w-	c:\windows\SysWow64\muzaf1.dll
2012-03-28 20:11 . 2012-03-28 20:11	131072	----a-w-	c:\windows\SysWow64\muzmpgsp.ax
2012-03-28 20:11 . 2012-03-28 20:11	122880	----a-w-	c:\windows\SysWow64\muzeffect.ax
2012-03-28 20:11 . 2012-03-28 20:11	118784	----a-w-	c:\windows\SysWow64\MaDRM.dll
2012-03-28 20:11 . 2012-03-28 20:11	110592	----a-w-	c:\windows\SysWow64\muzmp4sp.ax
2012-03-28 20:11 . 2012-04-23 21:47	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe [2012-5-17 200704]
ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [2012-4-17 142848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 136176]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-02-08 343032]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-27 1620584]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe [2011-01-02 9216]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:23]
.
2012-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-05 23:23]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 23:31]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 23:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:57	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = 
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-20  16:23:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-20 14:23
.
Vor Suchlauf: 10 Verzeichnis(se), 352.231.174.144 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 351.733.059.584 Bytes frei
.
- - End Of File - - D9867B3C5AB41E8EDDD675D48FB58EFD
         
Viele Grüße
Thomas

Alt 20.06.2012, 15:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.06.2012, 19:09   #11
sportsocke
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Hallo Arne,

GMER funktionierte irgendwie nicht

Anbei OSAM + aswMBR logs

OSAM:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:34:34 on 20.06.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Google Inc. Google Chrome 19.0.1084.56

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job" - "Facebook Inc." - C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job" - "Facebook Inc." - C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"bdfsfltr" (bdfsfltr) - "BitDefender" - C:\Windows\System32\DRIVERS\bdfsfltr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NTIDrvr" (NTIDrvr) - "NTI Corporation" - C:\Windows\system32\drivers\NTIDrvr.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"TFsExDisk" (TFsExDisk) - ? - C:\Windows\System32\Drivers\TFsExDisk.sys  (File not found)
"UBHelper" (UBHelper) - "NTI Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Facebook Messenger.lnk" - "Facebook" - C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe  (Shortcut exists | File exists)
"ZooskMessenger.lnk" - ? - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Nitro PDF Port Monitor" - "Nitro PDF Software" - C:\Windows\system32\nitrolocalmon2.dll
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Application Updater" (Application Updater) - ? - "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe"  (File not found)
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
"BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
"NitroPDFReaderDriverCreatorReadSpool2" (NitroReaderDriverReadSpool2) - "Nitro PDF Software" - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
"Norton Online Backup" (NOBU) - "Symantec Corporation" - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
"ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files (x86)\ShadowExplorer\sesvc.exe
"Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
awsMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-20 19:36:35
-----------------------------
19:36:35.764    OS Version: Windows x64 6.1.7601 Service Pack 1
19:36:35.764    Number of processors: 4 586 0x2505
19:36:35.780    ComputerName: CHRISTIAN-PC  UserName: Christian
19:36:37.683    Initialize success
19:36:58.156    AVAST engine defs: 12062001
19:37:15.613    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:37:15.628    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
19:37:15.644    Disk 0 MBR read successfully
19:37:15.660    Disk 0 MBR scan
19:37:15.660    Disk 0 Windows 7 default MBR code
19:37:15.675    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
19:37:15.691    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024
19:37:15.691    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       463526 MB offset 27469824
19:37:15.722    Disk 0 scanning C:\Windows\system32\drivers
19:37:26.704    Service scanning
19:37:55.783    Modules scanning
19:37:55.798    Disk 0 trace - called modules:
19:37:55.830    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
19:37:55.830    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80070e6060]
19:37:55.845    3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800510d050]
19:37:57.764    AVAST engine scan C:\Windows
19:38:02.210    AVAST engine scan C:\Windows\system32
19:40:50.800    AVAST engine scan C:\Windows\system32\drivers
19:41:03.904    AVAST engine scan C:\Users\Christian
20:02:29.673    AVAST engine scan C:\ProgramData
20:05:01.992    Scan finished successfully
20:06:47.199    Disk 0 MBR has been saved successfully to "F:\Neuer Ordner\MBR.dat"
20:06:47.230    The log file has been saved successfully to "F:\Neuer Ordner\aswMBR.txt"
         
Viele Grüße

Alt 21.06.2012, 10:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.06.2012, 18:31   #13
sportsocke
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Hallo Arne,

anbei die Logs von Malwarebytes und SASW - SASW hat 931 Teile gefunden - aber größtenteils nur tracking Cookies - die kann ich mit dem Tool doch direkt löschen oder? (Habe noch nix unternommen und das Tool noch offen gelassen)

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Christian :: CHRISTIAN-PC [Administrator]

Schutz: Deaktiviert

21.06.2012 16:09:37
mbam-log-2012-06-21 (16-09-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 403525
Laufzeit: 45 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/21/2012 at 07:22 PM

Application Version : 5.1.1002

Core Rules Database Version : 8772
Trace Rules Database Version: 6584

Scan type       : Complete Scan
Total Scan Time : 02:12:11

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 693
Memory threats detected   : 0
Registry items scanned    : 69689
Registry threats detected : 0
File items scanned        : 178405
File threats detected     : 931

Adware.Tracking Cookie
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@cts.metricsdirect[2].txt [ /cts.metricsdirect ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@cts.zroitracker[2].txt [ /cts.zroitracker ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@msnportal.112.2o7[2].txt [ /msnportal.112.2o7 ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\christian@www.windowsmedia[2].txt [ /www.windowsmedia ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\PI02B2VN.txt [ /fastclick.net ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\0ULAVK72.txt [ /track.adform.net ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\KOGMOH16.txt [ /smartadserver.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\IZ4KIDMD.txt [ /ad.zanox.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\9416XNUM.txt [ /microsoftwllivemkt.112.2o7.net ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\UI2O16CP.txt [ /zanox.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\FYHGO4CA.txt [ /mediaplex.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\GSMBR3VZ.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\9UA8BKLE.txt [ /tracking.quisma.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\XNYPNJ9U.txt [ /apmebf.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\KZH75YX2.txt [ /www.zanox-affiliate.de ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\9YCB9K68.txt [ /www.adxpansion.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\YCJ8ZGWI.txt [ /adxpansion.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\82EP05NU.txt [ /adfarm1.adition.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\Y8N0ZQ8S.txt [ /doubleclick.net ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\ETN01ZG6.txt [ /atdmt.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\EQCP9RTR.txt [ /bs.serving-sys.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\6OMGF33P.txt [ /serving-sys.com ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\2PS4PTYR.txt [ /adform.net ]
	C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Cookies\YPWRW072.txt [ /zanox-affiliate.de ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VZ9FEVNK.txt [ Cookie:christian@hightraffic.hugoboss.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BD3IUD22.txt [ Cookie:christian@fastclick.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7U9LU7JF.txt [ Cookie:christian@track.adform.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJKO0U7O.txt [ Cookie:christian@tradedoubler.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\TN697KMX.txt [ Cookie:christian@specificclick.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4BV85XJ3.txt [ Cookie:christian@pornfish.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OI9CNXIT.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1018081631/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZZ15HZKB.txt [ Cookie:christian@eas4.emediate.eu/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2A4O7K2G.txt [ Cookie:christian@questionmarket.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W28QZVCG.txt [ Cookie:christian@ad.zanox.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0YF6I6M.txt [ Cookie:christian@clkads.com/adServe/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@de.sitestat[1].txt [ Cookie:christian@de.sitestat.com/is24/is24/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YZ9S91QH.txt [ Cookie:christian@msnportal.112.2o7.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@adultmatchfirm[2].txt [ Cookie:christian@adultmatchfirm.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QAPES0RD.txt [ Cookie:christian@zanox.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\T3FQGBJK.txt [ Cookie:christian@fl01.ct2.comclick.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@www.trendstats[2].txt [ Cookie:christian@www.trendstats.nl/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LC5APZK8.txt [ Cookie:christian@ads.247activemedia.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4NUI6JJ7.txt [ Cookie:christian@yadro.ru/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\P6KR89AP.txt [ Cookie:christian@ad1.adfarm1.adition.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NWIQLVPN.txt [ Cookie:christian@exoclick.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QOGLXWWQ.txt [ Cookie:christian@traffictrack.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IROD8M99.txt [ Cookie:christian@leylines.solution.weborama.fr/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@partypoker[2].txt [ Cookie:christian@partypoker.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4ZQ65VQP.txt [ Cookie:christian@tracking.quisma.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\AKO0QZCR.txt [ Cookie:christian@de.pornhub.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3FDQ0CDG.txt [ Cookie:christian@hitbox.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IY99ZHNN.txt [ Cookie:christian@clkads.com/adServe/banners ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\B00G8MSD.txt [ Cookie:christian@clkads.com/adServe/static/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@dealtime[1].txt [ Cookie:christian@dealtime.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NN623ANL.txt [ Cookie:christian@my.brandwire.tv/Brandwire/deliverAd/flashBannerXml/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9H4BVXST.txt [ Cookie:christian@ads.ventivmedia.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LU2TJPSY.txt [ Cookie:christian@adtech.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\78DIY6SF.txt [ Cookie:christian@adsrv1.admediate.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1PPAVJ9D.txt [ Cookie:christian@media6degrees.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KCCYSA0I.txt [ Cookie:christian@vodafonegroup.122.2o7.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\88OKWHCR.txt [ Cookie:christian@imrworldwide.com/cgi-bin ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\N5LMNO04.txt [ Cookie:christian@www.etracker.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\GWY0CVCW.txt [ Cookie:christian@www.pornhubgold.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\94W3PC9H.txt [ Cookie:christian@ad3.adfarm1.adition.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8N1HGBUJ.txt [ Cookie:christian@h.atdmt.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DLXW0UTY.txt [ Cookie:christian@adfarm1.adition.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9LE0X7DG.txt [ Cookie:christian@ero-advertising.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SU9KE5L6.txt [ Cookie:christian@adultfriendfinder.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MBBOK7T.txt [ Cookie:christian@doubleclick.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@ads.zeusclicks[1].txt [ Cookie:christian@ads.zeusclicks.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@stat.dealtime[1].txt [ Cookie:christian@stat.dealtime.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ETRLO18Q.txt [ Cookie:christian@unitymedia.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DBZPJKIZ.txt [ Cookie:christian@stats.bmw.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\F0UO6QB0.txt [ Cookie:christian@pornhubgold.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXJ8FYQY.txt [ Cookie:christian@eyewonder.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BWFSR65R.txt [ Cookie:christian@statse.webtrendslive.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WD8QINBE.txt [ Cookie:christian@2o7.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@da-tracking[2].txt [ Cookie:christian@da-tracking.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5IPZXTNS.txt [ Cookie:christian@adform.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9RYCAH9G.txt [ Cookie:christian@youporn.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\T1NR6OG6.txt [ Cookie:christian@accounts.google.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QKD95X92.txt [ Cookie:christian@counter.sexsuche.tv/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\U56BTNFB.txt [ Cookie:christian@de.sitestat.com/hamburg/hamburg/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XW946E8P.txt [ Cookie:christian@atdmt.combing.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z53H2XDR.txt [ Cookie:christian@track.effiliation.com/servlet/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\668HSEIW.txt [ Cookie:christian@adxpose.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UVT3P9W9.txt [ Cookie:christian@zedo.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PT94EJJ6.txt [ Cookie:christian@pornbanana.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZJ0R0E1A.txt [ Cookie:christian@revsci.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VG8P1BT2.txt [ Cookie:christian@trafficholder.com/cgi-bin/traffic/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2PYANH2Y.txt [ Cookie:christian@de.sitestat.com/laola1/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SY8W1XPM.txt [ Cookie:christian@ihg.db.advertising.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YLW5IQ2B.txt [ Cookie:christian@sunporno.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\00YSCQ7M.txt [ Cookie:christian@sex-area.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5BHHEESB.txt [ Cookie:christian@markussexblog.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0QDDVNVV.txt [ Cookie:christian@advertising.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VPFKXV2F.txt [ Cookie:christian@www.sunporno.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NIO14EC5.txt [ Cookie:christian@ehg-gaddispartners.hitbox.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q8OXR0IP.txt [ Cookie:christian@invitemedia.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\06TF4ZMF.txt [ Cookie:christian@eas.apm.emediate.eu/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8Y8KKNH1.txt [ Cookie:christian@www.freeporn.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OWAZHAB5.txt [ Cookie:christian@openx.sexsearchcom.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4DGN64E6.txt [ Cookie:christian@www.1malemedia.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SEKVE1A1.txt [ Cookie:christian@www.office-discount.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WINM6IEN.txt [ Cookie:christian@sexkiste.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8047SJNV.txt [ Cookie:christian@ads.crakmedia.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KMSBIGIP.txt [ Cookie:christian@insightexpressai.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1UF6X56L.txt [ Cookie:christian@xxx-freeporn.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8Z3ENHMM.txt [ Cookie:christian@overture.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ED1EOMRL.txt [ Cookie:christian@orgasms.xxx/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1BZ56LC.txt [ Cookie:christian@de.sitestat.com/sueddeutscher/stuttgarter-nachrichten/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\J6VB85YQ.txt [ Cookie:christian@www.office-discount.de/webapp/wcs/stores/servlet/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\P17NHX0O.txt [ Cookie:christian@vagosex.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3DGOUXKZ.txt [ Cookie:christian@www.adxpansion.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y9492324.txt [ Cookie:christian@adserver.anschlusstor.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\52YRGBIH.txt [ Cookie:christian@www.sexarena.tv/ultimate/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\A3Y2WN4N.txt [ Cookie:christian@www.vagosex.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@adserver2.exgfnetwork[1].txt [ Cookie:christian@adserver2.exgfnetwork.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BJVRQA83.txt [ Cookie:christian@clicksor.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4GK62BC5.txt [ Cookie:christian@ad4.adfarm1.adition.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZOBO4IJS.txt [ Cookie:christian@ads2.zeusclicks.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\WY5NBZK8.txt [ Cookie:christian@amateur-porno-tgp.com/st/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z8R0YR5U.txt [ Cookie:christian@pornhublive.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PAWAW6JZ.txt [ Cookie:christian@amateur-porno-tgp.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KI5N7GCV.txt [ Cookie:christian@adxpansion.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\SJ8MVW54.txt [ Cookie:christian@pornrabbit.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VT1GFFIQ.txt [ Cookie:christian@ad.adserver01.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OQ161INY.txt [ Cookie:christian@de.sitestat.com/titus/de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6IGHOS67.txt [ Cookie:christian@de.sitestat.com/hamburg/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VXK5BAHH.txt [ Cookie:christian@gonzoxxxmovies.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\christian@track.effiliation[1].txt [ Cookie:christian@track.effiliation.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4J5O89G0.txt [ Cookie:christian@atdmt.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IN08RXT7.txt [ Cookie:christian@bs.serving-sys.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IWGD8SG2.txt [ Cookie:christian@tracker.pegsanalytics.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\B3C7H03P.txt [ Cookie:christian@de.sitestat.com/laola1/hsv-de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CITQAX1M.txt [ Cookie:christian@deutschepostag.112.2o7.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FXWZ33EC.txt [ Cookie:christian@adserver02.profiwerber.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\BARZ4AAI.txt [ Cookie:christian@zanox-affiliate.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2D67TT40.txt [ Cookie:christian@content.yieldmanager.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\E6CKJWLG.txt [ Cookie:christian@freeporn.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LDXQKKH8.txt [ Cookie:christian@mediacorp.112.2o7.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZI9012M7.txt [ Cookie:christian@guj.122.2o7.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6018D06F.txt [ Cookie:christian@google.de/intl/de/ads/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S0O3FQDJ.txt [ Cookie:christian@in.getclicky.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UOQWX1Q3.txt [ Cookie:christian@server.adform.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\REF3B0VF.txt [ Cookie:christian@userporn.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IZHKY1R4.txt [ Cookie:christian@amazon-adsystem.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\I2BWCWQS.txt [ Cookie:christian@toplist.eu/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\7XBV65VW.txt [ Cookie:christian@rts.pgmediaserve.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IMETRC1H.txt [ Cookie:christian@ad1.dyntracker.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NH2NIO2E.txt [ Cookie:christian@tribalfusion.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4G5WFL16.txt [ Cookie:christian@a.revenuemax.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OMMLQ2L7.txt [ Cookie:christian@xm.xtendmedia.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GVJVAZI.txt [ Cookie:christian@girlsteachsex.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1R0R5N1R.txt [ Cookie:christian@clickbank.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\83GI44ET.txt [ Cookie:christian@yieldmanager.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9QC4EE90.txt [ Cookie:christian@ru4.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\MD5ETWZA.txt [ Cookie:christian@vesseltracker.abendblatt.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ULC6SERD.txt [ Cookie:christian@www.adultrevads.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9R1JIVI1.txt [ Cookie:christian@www.pornbanana.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJA12WNY.txt [ Cookie:christian@tracking.hrs.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CCLNDFYQ.txt [ Cookie:christian@media.gan-online.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\83KVOIST.txt [ Cookie:christian@kontera.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\EO0SNASQ.txt [ Cookie:christian@dyntracker.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\FY5ECRUD.txt [ Cookie:christian@tracking.oe24.at// ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\22A891NH.txt [ Cookie:christian@counters.gigya.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\4RLL7INK.txt [ Cookie:christian@de.sitestat.com/laola1/laola1-tv/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\2TD3Z41M.txt [ Cookie:christian@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VNXST0Q1.txt [ Cookie:christian@myroitracking.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\XHA4EYZL.txt [ Cookie:christian@adx.chip.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\0TVN5ZV4.txt [ Cookie:christian@banner.holidaycheck.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3JS6S90O.txt [ Cookie:christian@ads.quartermedia.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JE8RZSLR.txt [ Cookie:christian@advertising.fussball-liveticker.eu/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\UL5XWGYR.txt [ Cookie:christian@ads2.bartime.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZUH669AG.txt [ Cookie:christian@free.socialsexnetwork.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W1UCT9G9.txt [ Cookie:christian@de.sitestat.com/is24-community/is24-community/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\JH24U7FA.txt [ Cookie:christian@cbs.112.2o7.net/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6XV21O51.txt [ Cookie:christian@legolas-media.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0DHR19W.txt [ Cookie:christian@pornhub.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VMATP4TL.txt [ Cookie:christian@ad2.adfarm1.adition.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\33FQDQRW.txt [ Cookie:christian@c.atdmt.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\C91BRQ9A.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1069159172/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\F26XJWU1.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1058396328/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZPCF9IY9.txt [ Cookie:christian@vesseltracker.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\S8X25DA8.txt [ Cookie:christian@ad.yieldmanager.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DD2TPYAO.txt [ Cookie:christian@www.clickygo.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KR63KLKW.txt [ Cookie:christian@euros4click.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NCH6B8MJ.txt [ Cookie:christian@fr.sitestat.com/eurosport/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\E4E0O6E3.txt [ Cookie:christian@www.rungisexpress.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\766CNK2S.txt [ Cookie:christian@www.burstnet.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\R9CWOJMP.txt [ Cookie:christian@delivery.atkmedia.de/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\W5BOI0HV.txt [ Cookie:christian@toplist.cz/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\8GWIEG2M.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1047508216/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\CUHJX3U8.txt [ Cookie:christian@mediaservices-d.openxenterprise.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IY5IDGZ4.txt [ Cookie:christian@trackfox2.com/ ]
	C:\USERS\CHRISTIAN\AppData\Roaming\Microsoft\Windows\Cookies\Low\U3FH7374.txt [ Cookie:christian@www.googleadservices.com/pagead/conversion/1041485753/ ]
	C:\USERS\CHRISTIAN\Cookies\PI02B2VN.txt [ Cookie:christian@fastclick.net/ ]
	C:\USERS\CHRISTIAN\Cookies\0ULAVK72.txt [ Cookie:christian@track.adform.net/ ]
	C:\USERS\CHRISTIAN\Cookies\IZ4KIDMD.txt [ Cookie:christian@ad.zanox.com/ ]
	C:\USERS\CHRISTIAN\Cookies\christian@msnportal.112.2o7[2].txt [ Cookie:christian@msnportal.112.2o7.net/ ]
	C:\USERS\CHRISTIAN\Cookies\UI2O16CP.txt [ Cookie:christian@zanox.com/ ]
	C:\USERS\CHRISTIAN\Cookies\GSMBR3VZ.txt [ Cookie:christian@ad1.adfarm1.adition.com/ ]
	C:\USERS\CHRISTIAN\Cookies\9UA8BKLE.txt [ Cookie:christian@tracking.quisma.com/ ]
	C:\USERS\CHRISTIAN\Cookies\9YCB9K68.txt [ Cookie:christian@www.adxpansion.com/ ]
	C:\USERS\CHRISTIAN\Cookies\christian@cts.metricsdirect[2].txt [ Cookie:christian@cts.metricsdirect.com/ ]
	C:\USERS\CHRISTIAN\Cookies\YCJ8ZGWI.txt [ Cookie:christian@adxpansion.com/ ]
	C:\USERS\CHRISTIAN\Cookies\82EP05NU.txt [ Cookie:christian@adfarm1.adition.com/ ]
	C:\USERS\CHRISTIAN\Cookies\Y8N0ZQ8S.txt [ Cookie:christian@doubleclick.net/ ]
	C:\USERS\CHRISTIAN\Cookies\ETN01ZG6.txt [ Cookie:christian@atdmt.com/ ]
	C:\USERS\CHRISTIAN\Cookies\EQCP9RTR.txt [ Cookie:christian@bs.serving-sys.com/ ]
	C:\USERS\CHRISTIAN\Cookies\2PS4PTYR.txt [ Cookie:christian@adform.net/ ]
	C:\USERS\CHRISTIAN\Cookies\YPWRW072.txt [ Cookie:christian@zanox-affiliate.de/ ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.microsoftwllivemkt.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.a.revenuemax.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.overture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertstream.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.xiti.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.msnportal.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.guj.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad-emea.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad-emea.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads2.bartime.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	wstat.wibiya.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.enoratraffic.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.specificclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.gostats.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.histats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.histats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	7.rotator.wigetmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.histats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bwincom.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.overture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tto2.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.3gnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.klicktel.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads2.bartime.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.at.atwola.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.foodporndaily.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.foodporndaily.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads.ventivmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads.crakmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.alphaporno-de.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.alphaporno-de.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adnetwork.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stat.easydate.biz [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stat.ed.cupidplc.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	secure.img-cdn.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.overture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ww1.alphaporno-de.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.parispornmovies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.parispornmovies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.alphateenies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.alphateenies.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.alphaporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.alphaporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.trackingindahouse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.77tracking.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adinterax.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adinterax.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stat.onestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stat.onestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.pornunder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.sexad.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.3gnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adserver1.mokono.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	server.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.static.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.xm.xtendmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	statse.webtrendslive.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad-emea.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wdk4wgc5wco.stats.esomniture.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.stepstone.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.warnerbros.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad1.emediate.dk [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad1.emediate.dk [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	media.gan-online.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bs.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adxpansion.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ero-advertising.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	hellporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.hellporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.hellporno.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.activetraffic.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.activetraffic.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.gae.solution.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.brighteroption.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.ardmediathek.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	studivz.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	studivz.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adviva.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.mindshare.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lucidmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.skydeutschland.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.clickfuse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.clickfuse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	mediathek.daserste.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	mediathek.daserste.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mm.chitika.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.sim-technik.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.quartermedia.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad3.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	server.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.netdebit-counter.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.myroitracking.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.clicksor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.clicksor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.gostats.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	7.rotator.wigetmedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adform.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.dyntracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad1.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad4.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	mediathek.daserste.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	banners.victor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.banners.victor.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unitymedia.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unitymedia.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	partners.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ww251.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.clickfuse.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bs.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad2.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@LIVEPERSON[3].TXT [ /LIVEPERSON ]
	C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@XITI[1].TXT [ /XITI ]
	C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@WEBORAMA[2].TXT [ /WEBORAMA ]
	C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@WWW.ADULT-MATCHFIRM[1].TXT [ /WWW.ADULT-MATCHFIRM ]
	C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@ADS.GLISPA[2].TXT [ /ADS.GLISPA ]
	C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@WWW.PIXELTRACK66[2].TXT [ /WWW.PIXELTRACK66 ]
	C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@LIVEPERSON[1].TXT [ /LIVEPERSON ]
	C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@SERVER.IAD.LIVEPERSON[2].TXT [ /SERVER.IAD.LIVEPERSON ]
	C:\USERS\CHRISTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CHRISTIAN@TRACKING.3GNET[1].TXT [ /TRACKING.3GNET ]
	.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.vagosex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ads.crakmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	fl01.ct2.comclick.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.sevenoneintermedia.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	track.advolution.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad.adserver01.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.free-porn.at.pn [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	adserver.itsfogo.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.gfuck.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.youporn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.parispornmovies.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.sunporno.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adxpansion.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.freetube8porn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.gostats.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.porno-hub.at [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.porno-hub.at [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornocino.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.longporntube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.mofosex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.lusthaus2.bannerdealer.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornerbros.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.de.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.de.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.profilbanner.me [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.usenext.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.usenext.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.snapfish.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	rotator.adjuggler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	rotator.adjuggler.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.moviepilot.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	adsrv.admediate.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	adsrv.admediate.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	mediapartner.bigpoint.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.blog.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornhub.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.sexkiste.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.sexkiste.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.free-sexfilms.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.dmtracker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.free-sexfilms.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.diesexkiste.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	count.multirella.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.fuckshow.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.elitepornos.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.microsoftwllivemkt.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.pornlongvideos.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.porntube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.gfuck.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.freeadulttube.org [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	tracking.gameforge.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	pornhubhd.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornhubhd.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.crazyhomesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adultadworld.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.trackmatics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.thomascookag.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.independent.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornrabbit.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.facebookofsex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.pornme.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornhubgold.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornhitz.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	counters.gigya.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	stats.o2crew.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	stats.o2crew.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.msnportal.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.elitepartner.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.elitepartner.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.elitemedianet.d3.sc.omtrdc.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornrabbit.videosz.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.cuntstube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.naiadsystems.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.teenhana.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.porn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.porn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad.adition.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad.adition.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.guj.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.yieldmanager.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adserver.adtechus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.bigfreesex.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pumpmyteenass.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.freesexdump.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.dafuckbook.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.dafuckbook.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.freesexdoor.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.freesexdoor.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.freesexdoor.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.freeporn.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.sexgoesmobile.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.vodafonegroup.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.realmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.realmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.realmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.stepstone.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	tracker.pegsanalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	tracker.pegsanalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.hausfrauensex69.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.sexseiten.cc [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.ipad-sex.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.sexseiten.cc [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornhome.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.sexkontakt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.sexgeizkragen.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.sexgeizkragen.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.sexkontakte.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.sexcounter.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.hansesex.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.viewablemedia.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.a.revenuemax.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.track.gridlockparadise.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	www.adultrevads.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.sexybundestag.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	static.sunporno.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.www.tracktec.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	labelfinder.gq-magazin.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.labelfinder.gq-magazin.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.labelfinder.gq-magazin.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.hardsextube.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	adserver2.exgfnetwork.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.de.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.de.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.de.partypoker.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.heussmedia.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ads.ventivmedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	adserv.chirurgie-portal.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.mediaran.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.dealtime.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	stat.dealtime.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	tags.trackinganalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	tags.trackinganalytics.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.microsoftwlsearchcrm.112.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	count.asnetworks.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.syndication.traffichaus.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.sunporno.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.enoratraffic.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.pornrabbit.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.track.gridlockparadise.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	labelfinder.vogue.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.thelabelfinder.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.www.thelabelfinder.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.www.thelabelfinder.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.static.getclicky.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.weborama.fr [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad.piximedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ads2.bartime.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.bauermedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.bauermedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	leads.383media.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	leads.383media.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.calumetphoto.122.2o7.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	tracking.sim-technik.de [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXRI1XM9.DEFAULT\COOKIES.SQLITE ]
         
Viele Grüße Thomas

Alt 21.06.2012, 19:35   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.06.2012, 12:57   #15
sportsocke
 
Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Standard

Verschlüsselungs Trojaner - Rechnung von Pearlfection.de



Hallo Arne,

danke für den Tipp und natürlich ein großes Dankeschön für deine super Hilfe!!!

Das System läuft jetzt wieder super, wie es soll - lediglich die Dateien sind durch die Verschlüsselung unbrauchbar (die die ich jetzt getestet habe)
Ich nehme an, dass der folgende Link aktuell ist und es darüber hinaus keine Möglichkeiten gibt die Dateien wieder her zu stellen?

http://www.trojaner-board.de/114783-...ubersicht.html

Ansonsten muss ich mich, bzw. in dem FAlle mein Bekannter, gedulden, bis es dafür eine Lösung gibt (wer kein Backup macht ist wohl selber schuld )

Des Weiteren habe ich meinem Bekannten mal gebeten mir die Zip wie gewünscht in eml Format zur Verfügung zu stellen, damit ich Euch die Daten übersenden kann!

Viele Grüße
Thomas

Antwort

Themen zu Verschlüsselungs Trojaner - Rechnung von Pearlfection.de
administrator, adware.clickpotato, adware.hotbar, adware.hotbar.cp, adware.questbrowse, adware.seekmo, adware.shopperreports, anlage, autostart, babylon toolbar, babylontoolbar, bingbar, candy, canon, dateien, dateisystem, e-mail, explorer, heuristiks/extra, heuristiks/shuriken, install.exe, launch, limited.com/facebook, locker, löschen, malware.trace, microsoft office starter 2010, mozilla, mywinlocker, nvpciflt.sys, opencandy, pdfforge toolbar, plug-in, programm, richtlinie, safer networking, searchscopes, security scan, shopperreports, smartbar, spotify web helper, temp, trojan.agent, update, usb 2.0, user agent, version=1.0, virus, wichtige daten, win32/toolbar.babylon




Ähnliche Themen: Verschlüsselungs Trojaner - Rechnung von Pearlfection.de


  1. gefälschte Rechnung von Vodaphone mit falschem Link zur angeblichen .pdf-Rechnung
    Plagegeister aller Art und deren Bekämpfung - 18.12.2014 (9)
  2. Macbook: 1&1 Rechnung Trojaner geöffnet
    Plagegeister aller Art und deren Bekämpfung - 19.11.2014 (5)
  3. Trojaner per Fake-Rechnung bekommen
    Plagegeister aller Art und deren Bekämpfung - 26.05.2014 (9)
  4. Windows 7: Trojaner Rechnung.exe
    Log-Analyse und Auswertung - 01.05.2014 (9)
  5. Trojaner aus Amazon-Rechnung "775499404.Rechnung.11.08.13.PDF.exe"
    Plagegeister aller Art und deren Bekämpfung - 10.12.2013 (16)
  6. Verschlüsselungs Trojaner -email FlirtFever Rechnung
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (1)
  7. (2x) Verschlüsselungs Trojaner nach öffnen von angeblicher Rechnung einer Partnerbörse
    Mülltonne - 10.06.2012 (1)
  8. (2x) Verschlüsselungs Trojaner als Rechnung
    Mülltonne - 10.06.2012 (1)
  9. Windows Verschlüsselungs Trojaner durch Rechnung von Flirtseite
    Log-Analyse und Auswertung - 08.06.2012 (1)
  10. Verschlüsselungs-Trojaner nach E-Mail Rechnung
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (1)
  11. Trojaner per Rechnung über Mail
    Log-Analyse und Auswertung - 19.05.2012 (18)
  12. Verschlüsselungs Trojaner "rechnung.zip"
    Log-Analyse und Auswertung - 03.05.2012 (5)
  13. Trojaner E-Mail (rechnung.zip)
    Log-Analyse und Auswertung - 02.05.2012 (6)
  14. Telekom-Rechnung mit Trojaner
    Nachrichten - 24.04.2012 (0)
  15. Trojaner aus gefakter 1&1 Rechnung
    Plagegeister aller Art und deren Bekämpfung - 09.01.2007 (14)
  16. 1und1 Rechnung - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.01.2007 (3)
  17. Trojaner aus 1&1 Rechnung.pdf.exe
    Plagegeister aller Art und deren Bekämpfung - 07.01.2007 (2)

Zum Thema Verschlüsselungs Trojaner - Rechnung von Pearlfection.de - Hallo liebe Community, ich habe ein Notebook von einem Bekannten in die Hand gedrückt bekommen, der von einem netten und für mich neue Art eines Trojaners befallen ist. Folgende Informationen - Verschlüsselungs Trojaner - Rechnung von Pearlfection.de...
Archiv
Du betrachtest: Verschlüsselungs Trojaner - Rechnung von Pearlfection.de auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.