GVU / alleged Federal Police / Trojan

Hey, I ran the OTL scan, here is the log:

Code:
OTL logfile created on: 12.07.2012 12:58:13 - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Home\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 59,23% Memory free
7,35 Gb Paging File | 5,24 Gb Available in Paging File | 71,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,39 Gb Total Space | 74,11 Gb Free Space | 32,74% Space Free | Partition Type: NTFS
Drive G: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.12 12:39:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL(1).exe
PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.21 17:46:03 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.05.21 17:45:47 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.08 13:35:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:35:08 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 13:35:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.04.23 18:46:32 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.04.17 07:57:08 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.09 01:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.14 15:36:52 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.14 15:36:42 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.11 10:44:17 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5e8f8f2c9fc237166053716f39f5ea67\IAStorUtil.ni.dll
MOD - [2012.05.10 15:00:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 15:00:02 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012.05.10 14:59:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.10 14:59:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.10 14:59:50 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.10 14:59:44 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2010.05.29 07:32:01 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.29 07:31:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.03.09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.11 22:34:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.10 22:58:47 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.21 17:46:03 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.05.21 17:45:47 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.20 13:54:38 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.08 13:35:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 13:35:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.22 21:07:34 | 058,345,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2011.09.22 21:07:34 | 000,154,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.22 21:06:04 | 000,431,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.07 22:21:09 | 003,988,144 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.04.23 10:46:04 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2010.04.17 07:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.03.26 11:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2012.05.08 13:35:09 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 13:35:09 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011.08.22 23:14:57 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.17 14:04:46 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.17 14:04:43 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.19 12:39:00 | 000,107,096 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2010.09.13 07:01:00 | 000,182,872 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)
DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.04.21 00:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.04.07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.08 04:37:00 | 000,097,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2BthF.sys -- (Mkd2Bthf)
DRV:64bit: - [2010.03.05 12:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.01 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.14 22:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.02.10 09:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.13 17:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.13 17:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE414
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..network.proxy.http: "200.105.225.45"
FF - prefs.js..network.proxy.http_port: 8080
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.20 00:33:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.14 20:50:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.14 20:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 13:55:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.11 19:19:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
[2012.06.19 13:55:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions
[2012.07.11 19:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\k2e0147e.default\extensions
[2012.06.19 13:56:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\k2e0147e.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.22 23:14:28 | 000,002,055 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\k2e0147e.default\searchplugins\daemon-search.xml
[2012.06.19 13:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.07.03 17:44:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.30 14:12:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: DAEMON Search (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-907013825-1055173690-614559143-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-907013825-1055173690-614559143-1001..\Run: [Akamai NetSession Interface] C:\Users\Home\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-907013825-1055173690-614559143-1001..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe File not found
O4 - HKU\S-1-5-21-907013825-1055173690-614559143-1001..\Run: [Steam] A:\Spiele\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab (Aosmgr Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBFF7C8E-01AF-47B5-A4F6-A6D5F88C8B31}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Diablo III Setup.exe -- [2012.02.03 00:07:14 | 001,856,592 | ---- | M] (Blizzard Entertainment)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - StartUpReg: avast5 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - File not found
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.07.07 17:29:54 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Red Alert 3
[2012.07.07 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Red Alert 3
[2012.07.06 17:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.04 15:53:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2012.07.04 15:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.04 15:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.04 15:51:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.04 15:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.28 13:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.28 13:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.06.23 17:01:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\dxhr
[2012.06.23 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\28050
[2012.06.19 13:55:18 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Mozilla
[2012.06.19 13:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012.06.19 13:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2012.06.18 12:25:35 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Macromedia
[2011.12.08 14:42:42 | 003,539,040 | ---- | C] (AVAST Software) -- C:\Program Files\Alwil Softw
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.12 13:07:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.12 12:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.12 12:20:39 | 000,024,024 | ---- | M] () -- C:\Users\Home\Desktop\Notenspiegel.pdf
[2012.07.12 12:08:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 12:08:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 12:01:22 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.12 12:00:11 | 000,450,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 12:00:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.12 11:58:56 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.12 00:29:55 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini
[2012.07.11 10:03:14 | 001,828,946 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.11 10:03:14 | 000,773,738 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.11 10:03:14 | 000,727,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.11 10:03:14 | 000,178,388 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.11 10:03:14 | 000,150,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.08 12:20:14 | 000,056,073 | ---- | M] () -- C:\Users\Home\Desktop\Management Tools Aufsatz Robert.pdf
[2012.07.05 20:09:33 | 000,169,635 | ---- | M] () -- C:\Users\Home\Desktop\lessons_learnt.pdf
[2012.07.04 17:29:39 | 000,035,524 | ---- | M] () -- C:\Users\Home\Desktop\error.png
[2012.07.04 17:15:37 | 000,125,975 | ---- | M] () -- C:\Users\Home\Desktop\malware4.png
[2012.07.04 15:51:06 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 22:31:32 | 000,041,528 | ---- | M] () -- C:\Users\Home\Desktop\OTL_Extras.rar
[2012.07.03 21:28:55 | 000,000,000 | ---- | M] () -- C:\Users\Home\defogger_reenable
[2012.07.03 17:44:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.07.03 17:43:12 | 000,001,885 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.29 12:47:26 | 000,007,225 | ---- | M] () -- C:\Users\Home\Desktop\100-Punkte-Skala.png
[2012.06.24 21:32:32 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdate.dll
[2012.06.19 13:55:11 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.19 13:51:42 | 002,768,250 | ---- | M] () -- C:\Users\Home\Documents\Firefox 13.0.1 (de) - 2012-06-19.pcv
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.12 12:20:39 | 000,024,024 | ---- | C] () -- C:\Users\Home\Desktop\Notenspiegel.pdf
[2012.07.12 00:29:55 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012.07.08 12:20:13 | 000,056,073 | ---- | C] () -- C:\Users\Home\Desktop\Management Tools Aufsatz Robert.pdf
[2012.07.05 20:09:33 | 000,169,635 | ---- | C] () -- C:\Users\Home\Desktop\lessons_learnt.pdf
[2012.07.04 17:21:04 | 000,035,524 | ---- | C] () -- C:\Users\Home\Desktop\error.png
[2012.07.04 17:15:37 | 000,125,975 | ---- | C] () -- C:\Users\Home\Desktop\malware4.png
[2012.07.04 15:51:06 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 22:31:32 | 000,041,528 | ---- | C] () -- C:\Users\Home\Desktop\OTL_Extras.rar
[2012.07.03 21:28:55 | 000,000,000 | ---- | C] () -- C:\Users\Home\defogger_reenable
[2012.07.03 17:43:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.07.03 17:43:12 | 000,001,885 | ---- | C] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.29 12:47:26 | 000,007,225 | ---- | C] () -- C:\Users\Home\Desktop\100-Punkte-Skala.png
[2012.06.19 13:55:11 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.19 13:55:11 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.19 13:51:34 | 002,768,250 | ---- | C] () -- C:\Users\Home\Documents\Firefox 13.0.1 (de) - 2012-06-19.pcv
[2012.06.19 11:43:23 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.28 10:37:43 | 000,007,605 | ---- | C] () -- C:\Users\Home\AppData\Local\Resmon.ResmonCfg
[2012.05.03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.03.30 19:48:50 | 000,000,152 | ---- | C] () -- C:\Windows\wininit.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.04 17:24:00 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.20 10:59:09 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{6DB3E144-DF23-4CD2-A2B7-DC468319DB2B}
[2011.05.01 22:28:45 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\godlike.dat
[2011.02.26 14:57:24 | 000,187,699 | ---- | C] () -- C:\Windows\Kino Mogul Uninstaller.exe
[2011.02.17 14:02:20 | 000,000,092 | ---- | C] () -- C:\Users\Home\AppData\Local\fusioncache.dat
[2011.02.16 20:48:50 | 000,004,608 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.16 18:59:51 | 001,806,840 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.16 18:58:14 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.02.16 18:58:13 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.02.16 18:58:13 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.02.06 16:52:19 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2011.01.18 14:06:39 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011.01.18 14:06:38 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2011.01.18 14:06:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2011.01.18 14:06:38 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2011.01.18 14:06:37 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2011.01.15 18:34:20 | 000,000,376 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2011.01.13 15:44:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.13 15:35:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.14 06:57:51 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== LOP Check ==========
[2012.01.31 19:28:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.minecraft
[2011.10.14 14:18:21 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Auslogics
[2011.06.07 16:48:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Azgard
[2012.01.28 20:51:08 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\BigHugeEngine
[2011.10.18 16:59:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\BitTorrent
[2012.02.01 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DAEMON Tools Lite
[2012.02.16 12:44:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DVDVideoSoft
[2011.02.16 20:38:04 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.15 17:06:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\FUEL Demo
[2011.06.01 16:54:12 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GetRightToGo
[2011.06.19 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\go
[2012.01.21 20:57:28 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\LolClient
[2012.05.24 16:02:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\LolClient2
[2011.04.18 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OOo-dev
[2011.04.18 15:22:05 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenOffice.org
[2011.02.17 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PlayFirst
[2012.07.07 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Red Alert 3
[2011.02.02 17:35:00 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SAP
[2011.06.01 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SpinTop
[2012.03.29 22:16:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Subversion
[2011.10.13 14:21:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TeamViewer
[2011.01.16 16:34:33 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Template
[2012.06.19 11:38:28 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TS3Client
[2011.07.17 00:36:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ts3overlay
[2012.05.21 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Ubisoft
[2011.03.15 18:18:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Windows Live Writer
[2012.01.04 22:58:51 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Winter Sports 2011
[2011.03.18 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\XRay Engine
[2012.05.14 08:58:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.01.31 19:28:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.minecraft
[2011.04.16 15:12:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Adobe
[2012.01.18 23:08:31 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Apple Computer
[2011.01.13 15:29:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ATI
[2011.10.14 14:18:21 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Auslogics
[2012.01.09 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Avira
[2011.06.07 16:48:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Azgard
[2012.01.28 20:51:08 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\BigHugeEngine
[2011.10.18 16:59:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\BitTorrent
[2012.02.01 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DAEMON Tools Lite
[2012.02.02 19:48:34 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DivX
[2011.06.27 18:45:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\dvdcss
[2012.02.16 12:44:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DVDVideoSoft
[2011.02.16 20:38:04 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.15 17:06:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\FUEL Demo
[2011.06.01 16:54:12 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GetRightToGo
[2011.06.19 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\go
[2011.01.13 15:30:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Google
[2011.01.13 15:27:22 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Identities
[2012.01.05 12:19:09 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\InstallShield
[2011.01.13 15:28:04 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Intel Corporation
[2012.01.21 20:57:28 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\LolClient
[2012.05.24 16:02:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\LolClient2
[2011.01.13 15:27:54 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Macromedia
[2012.07.04 15:53:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Media Center Programs
[2012.05.08 18:35:41 | 000,000,000 | --SD | M] -- C:\Users\Home\AppData\Roaming\Microsoft
[2012.06.19 13:55:29 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Mozilla
[2011.04.18 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OOo-dev
[2011.04.18 15:22:05 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenOffice.org
[2011.02.17 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PlayFirst
[2011.12.10 13:43:52 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Real
[2012.07.07 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Red Alert 3
[2011.02.02 17:35:00 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SAP
[2011.02.16 19:04:34 | 000,000,000 | RH-D | M] -- C:\Users\Home\AppData\Roaming\SecuROM
[2012.07.12 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Skype
[2011.05.28 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\skypePM
[2011.06.01 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SpinTop
[2012.03.29 22:16:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Subversion
[2011.10.13 14:21:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TeamViewer
[2011.01.16 16:34:33 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Template
[2012.03.29 22:18:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TortoiseSVN
[2012.06.19 11:38:28 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TS3Client
[2011.07.17 00:36:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ts3overlay
[2012.05.21 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Ubisoft
[2011.06.27 18:41:59 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\vlc
[2011.03.15 18:18:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Windows Live Writer
[2011.10.15 14:25:16 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WinRAR
[2012.01.04 22:58:51 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Winter Sports 2011
[2012.06.06 20:22:34 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Xfire
[2011.03.18 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\XRay Engine
< %APPDATA%\*.exe /s >
[2011.11.28 11:51:16 | 001,102,574 | ---- | M] () -- C:\Users\Home\AppData\Roaming\.minecraft\texturepacks\MCpatcher-2.2.2.exe
[2011.02.26 16:52:46 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\ARPPRODUCTICON.exe
[2011.02.26 16:52:46 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
[2011.02.26 16:52:46 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
[2011.02.26 16:52:46 | 000,008,854 | R--- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\Uninstall_GameShadow_B239090474BD48AAB2CC6612F8D46379.exe
[2011.02.06 17:21:14 | 263,326,453 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ragnarok Online\pRO Installer v3.exe
[2012.07.01 16:29:05 | 000,315,544 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Home\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\Users\Home\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
< MD5 for: IASTOR.SYS >
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
< MD5 for: IASTORV.SYS >
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: USER32.DLL >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:2D09AB80
< End of report >
#17
/// Winkelfunktion /// TB-Süch-Tiger™
GVU/ alleged Bundespolizei/ Trojan

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..network.proxy.http: "200.105.225.45"
FF - prefs.js..network.proxy.http_port: 8080
FF - user.js - File not found
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll File not found
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Diablo III Setup.exe -- [2012.02.03 00:07:14 | 001,856,592 | ---- | M] (Blizzard Entertainment)
[2012.06.23 17:01:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\dxhr
[2012.06.23 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\28050
[2012.07.03 17:43:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2010.05.14 06:57:51 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:2D09AB80
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
| | #18 |
| GVU / alleged Federal Police / Trojan Hey,
thanks for creating the script. Here is the log:
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 removed from extensions.enabledItems
Prefs.js: "200.105.225.45" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. G:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\ not found.
File move failed. G:\Diablo III Setup.exe scheduled to be moved on reboot.
C:\Users\Home\AppData\Local\dxhr\cache\data\players folder moved successfully.
C:\Users\Home\AppData\Local\dxhr\cache\data folder moved successfully.
C:\Users\Home\AppData\Local\dxhr\cache folder moved successfully.
C:\Users\Home\AppData\Local\dxhr folder moved successfully.
C:\Users\Home\AppData\Local\28050\eidos\2a128d0\cache\temp folder moved successfully.
C:\Users\Home\AppData\Local\28050\eidos\2a128d0\cache\persistent folder moved successfully.
C:\Users\Home\AppData\Local\28050\eidos\2a128d0\cache folder moved successfully.
C:\Users\Home\AppData\Local\28050\eidos\2a128d0 folder moved successfully.
C:\Users\Home\AppData\Local\28050\eidos folder moved successfully.
C:\Users\Home\AppData\Local\28050 folder moved successfully.
C:\ProgramData\nud0repor.pad moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:93EB7685 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:2D09AB80 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Home
->Temp folder emptied: 9188370 bytes
->Temporary Internet Files folder emptied: 38137293 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 1079317936 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6265 bytes
User: Internet
->Temp folder emptied: 192677 bytes
->Temporary Internet Files folder emptied: 262066 bytes
->FireFox cache emptied: 63406313 bytes
->Flash cache emptied: 920 bytes
User: Public
User: University
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102082 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85163 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.136,00 mb
[EMPTYFLASH]
User: All Users
User: AppData
User: Default
User: Default User
User: Home
->Flash cache emptied: 0 bytes
User: Internet
->Flash cache emptied: 0 bytes
User: Public
User: University
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.1 log created on 07132012_112431
Files\Folders moved on Reboot...
File move failed. G:\autorun.inf scheduled to be moved on reboot.
File move failed. G:\Diablo III Setup.exe scheduled to be moved on reboot.
C:\Users\Home\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\urlclassifier3.sqlite moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () G:\autorun.inf : MD5=F3508C41EE019FD19BDC7E5B72A20D47
[2012.02.03 00:07:14 | 001,856,592 | ---- | M] (Blizzard Entertainment) G:\Diablo III Setup.exe : MD5=DDB8CB14B7DD6B00236320CB2FAB06BA
File C:\Users\Home\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_001_ not found!
File C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_002_ not found!
File C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_003_ not found!
File C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_MAP_ not found!
File C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\urlclassifier3.sqlite not found!
[2012.07.13 11:28:35 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
Registry entries deleted on Reboot...
|
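A fix log like the one in the post above mixes entries that were removed, entries that no longer existed, and moves that were postponed to the next boot. The following is an added example, not part of the thread and not OTL's own code, that sorts such a log into those groups so the postponed items can be rechecked. The sample lines are constructed in the shape of the log above, and treating a repeated "File move failed" line in the post-reboot section as still unresolved is an assumption about this log format, not documented OTL behaviour.

```python
import re

# Constructed sample in the shape of an OTL fix log (GUIDs, paths and names are placeholders).
SAMPLE_LOG = r"""
========== OTL ==========
Prefs.js: 8080 removed from network.proxy.http_port
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\ not found.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
File E:\setup.exe not found.
C:\ProgramData\example.pad moved successfully.
ADS C:\ProgramData\Temp:DEADBEEF deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 0 bytes
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. G:\autorun.inf scheduled to be moved on reboot.
C:\Users\Example\AppData\Local\Temp\example.txt moved successfully.
"""

# Ordered rules: the first pattern that matches a line decides its status.
RULES = [
    ("deferred", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:64bit-)?(?:(?:Registry (?:key|value)|File|ADS)\s+)?"
        r"(?P<target>.+?)\s+not found[.!]$")),
    ("done", re.compile(r"^Prefs\.js: .+ removed from (?P<target>\S+)$")),
    ("done", re.compile(r"^(?P<target>[^|]+)\|.*value set successfully!$")),
    ("done", re.compile(
        r"^(?:64bit-)?(?:(?:Registry (?:key|value)|ADS)\s+)?"
        r"(?P<target>.+?)\s+(?:folder\s+)?(?:deleted|moved) successfully\.$")),
]

REBOOT_MARKER = "Files\\Folders moved on Reboot"


def triage(log_text):
    """Group the targets named in a fix log by outcome.

    done                    - entry was changed, deleted or moved
    not_found               - script line pointed at something that was already gone
    deferred                - move failed during the fix and was postponed to reboot
    unresolved_after_reboot - move is reported as failed again after the reboot
    """
    result = {"done": [], "not_found": [], "deferred": [],
              "unresolved_after_reboot": []}
    phase = "fix"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(REBOOT_MARKER):
            phase = "reboot"
            continue
        for status, pattern in RULES:
            match = pattern.match(line)
            if not match:
                continue
            target = match.group("target")
            if phase == "fix":
                result[status].append(target)
            elif status == "deferred":
                # Assumption: a second failure after reboot means the file is still there.
                result["unresolved_after_reboot"].append(target)
            elif status == "done":
                result["done"].append(target)
            # Post-reboot "not found!" lines are skipped: they name files already moved.
            break
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for status, targets in summary.items():
        print(f"{status}: {len(targets)}")
        for target in targets:
            print(f"  {target}")
```
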
| | #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU / alleged Federal Police / Trojan Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
| | #20 |
| GVU / alleged Federal Police / Trojan Hey, ok, I did that, here is the log: Code:
22:36:58.0114 6732 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
22:36:58.0254 6732 ============================================================
22:36:58.0254 6732 Current date / time: 2012/07/13 22:36:58.0254
22:36:58.0254 6732 SystemInfo:
22:36:58.0254 6732
22:36:58.0254 6732 OS Version: 6.1.7600 ServicePack: 0.0
22:36:58.0254 6732 Product type: Workstation
22:36:58.0254 6732 ComputerName: HOME-PC
22:36:58.0254 6732 UserName: Home
22:36:58.0254 6732 Windows directory: C:\Windows
22:36:58.0254 6732 System windows directory: C:\Windows
22:36:58.0254 6732 Running under WOW64
22:36:58.0254 6732 Processor architecture: Intel x64
22:36:58.0254 6732 Number of processors: 4
22:36:58.0254 6732 Page size: 0x1000
22:36:58.0254 6732 Boot type: Normal boot
22:36:58.0254 6732 ============================================================
22:36:59.0405 6732 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:36:59.0411 6732 ============================================================
22:36:59.0411 6732 \Device\Harddisk0\DR0:
22:36:59.0411 6732 MBR partitions:
22:36:59.0411 6732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
22:36:59.0411 6732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x1C4CA000
22:36:59.0431 6732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DEFD000, BlocksNum 0x1C488800
22:36:59.0431 6732 ============================================================
22:36:59.0460 6732 C: <-> \Device\Harddisk0\DR0\Partition1
22:36:59.0513 6732 A: <-> \Device\Harddisk0\DR0\Partition2
22:36:59.0543 6732 ============================================================
22:36:59.0544 6732 Initialize success
22:36:59.0544 6732 ============================================================
22:39:20.0428 5976 ============================================================
22:39:20.0428 5976 Scan started
22:39:20.0428 5976 Mode: Manual; SigCheck; TDLFS;
22:39:20.0428 5976 ============================================================
22:39:23.0002 5976 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:39:23.0205 5976 1394ohci - ok
22:39:23.0252 5976 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:39:23.0298 5976 ACPI - ok
22:39:23.0361 5976 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:39:23.0439 5976 AcpiPmi - ok
22:39:23.0579 5976 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:39:23.0610 5976 AdobeARMservice - ok
22:39:24.0032 5976 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:39:24.0047 5976 AdobeFlashPlayerUpdateSvc - ok
22:39:24.0188 5976 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:39:24.0219 5976 adp94xx - ok
22:39:24.0266 5976 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:39:24.0312 5976 adpahci - ok
22:39:24.0328 5976 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:39:24.0344 5976 adpu320 - ok
22:39:24.0375 5976 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:39:24.0609 5976 AeLookupSvc - ok
22:39:24.0702 5976 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
22:39:24.0827 5976 AFD - ok
22:39:24.0874 5976 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:39:24.0890 5976 agp440 - ok
22:39:25.0358 5976 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
22:39:25.0358 5976 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
22:39:25.0358 5976 Akamai ( HiddenFile.Multi.Generic ) - warning
22:39:25.0358 5976 Akamai - detected HiddenFile.Multi.Generic (1)
22:39:25.0498 5976 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:39:25.0560 5976 ALG - ok
22:39:25.0638 5976 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:39:25.0670 5976 aliide - ok
22:39:25.0716 5976 AMD External Events Utility (671d9dca48da807780d8409c18ed0ae0) C:\Windows\system32\atiesrxx.exe
22:39:25.0872 5976 AMD External Events Utility - ok
22:39:25.0904 5976 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:39:25.0919 5976 amdide - ok
22:39:25.0950 5976 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:39:25.0982 5976 AmdK8 - ok
22:39:26.0637 5976 amdkmdag (d3e6b2e1394d93fe9db0ba24814b0d8f) C:\Windows\system32\DRIVERS\atipmdag.sys
22:39:26.0886 5976 amdkmdag - ok
22:39:27.0042 5976 amdkmdap (cc4d915d786d3da973b2ea9b95d59a29) C:\Windows\system32\DRIVERS\atikmpag.sys
22:39:27.0089 5976 amdkmdap - ok
22:39:27.0120 5976 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:39:27.0167 5976 AmdPPM - ok
22:39:27.0230 5976 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
22:39:27.0245 5976 amdsata - ok
22:39:27.0308 5976 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:39:27.0339 5976 amdsbs - ok
22:39:27.0370 5976 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
22:39:27.0401 5976 amdxata - ok
22:39:27.0432 5976 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
22:39:27.0495 5976 AmUStor - ok
22:39:27.0620 5976 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:39:27.0635 5976 AntiVirSchedulerService - ok
22:39:27.0713 5976 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:39:27.0729 5976 AntiVirService - ok
22:39:27.0776 5976 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:39:27.0900 5976 AppID - ok
22:39:27.0932 5976 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:39:28.0072 5976 AppIDSvc - ok
22:39:28.0119 5976 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
22:39:28.0181 5976 Appinfo - ok
22:39:28.0275 5976 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:39:28.0290 5976 Apple Mobile Device - ok
22:39:28.0337 5976 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:39:28.0353 5976 arc - ok
22:39:28.0384 5976 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:39:28.0400 5976 arcsas - ok
22:39:28.0524 5976 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:39:28.0618 5976 aspnet_state - ok
22:39:28.0665 5976 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:39:28.0727 5976 AsyncMac - ok
22:39:28.0758 5976 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:39:28.0774 5976 atapi - ok
22:39:28.0977 5976 athr (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys
22:39:29.0117 5976 athr - ok
22:39:29.0273 5976 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
22:39:29.0304 5976 AtiHdmiService - ok
22:39:29.0367 5976 atksgt (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
22:39:29.0398 5976 atksgt - ok
22:39:29.0476 5976 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:39:29.0570 5976 AudioEndpointBuilder - ok
22:39:29.0570 5976 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:39:29.0632 5976 AudioSrv - ok
22:39:29.0694 5976 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
22:39:29.0726 5976 avgntflt - ok
22:39:29.0788 5976 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
22:39:29.0819 5976 avipbb - ok
22:39:29.0819 5976 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:39:29.0835 5976 avkmgr - ok
22:39:29.0913 5976 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
22:39:29.0991 5976 AxInstSV - ok
22:39:30.0069 5976 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:39:30.0131 5976 b06bdrv - ok
22:39:30.0225 5976 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:39:30.0256 5976 b57nd60a - ok
22:39:30.0459 5976 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
22:39:30.0474 5976 BBSvc - ok
22:39:30.0599 5976 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
22:39:30.0615 5976 BBUpdate - ok
22:39:30.0911 5976 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:39:31.0036 5976 BCM43XX - ok
22:39:31.0176 5976 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:39:31.0254 5976 BDESVC - ok
22:39:31.0301 5976 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:39:31.0379 5976 Beep - ok
22:39:31.0488 5976 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
22:39:31.0582 5976 BFE - ok
22:39:31.0676 5976 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
22:39:31.0816 5976 BITS - ok
22:39:31.0878 5976 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:39:31.0925 5976 blbdrive - ok
22:39:32.0034 5976 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:39:32.0081 5976 Bonjour Service - ok
22:39:32.0112 5976 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
22:39:32.0206 5976 bowser - ok
22:39:32.0222 5976 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:39:32.0268 5976 BrFiltLo - ok
22:39:32.0284 5976 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:39:32.0331 5976 BrFiltUp - ok
22:39:32.0393 5976 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
22:39:32.0471 5976 Browser - ok
22:39:32.0534 5976 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:39:32.0612 5976 Brserid - ok
22:39:32.0627 5976 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:39:32.0658 5976 BrSerWdm - ok
22:39:32.0690 5976 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:39:32.0752 5976 BrUsbMdm - ok
22:39:32.0752 5976 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:39:32.0783 5976 BrUsbSer - ok
22:39:32.0846 5976 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:39:32.0892 5976 BthEnum - ok
22:39:32.0955 5976 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:39:33.0002 5976 BTHMODEM - ok
22:39:33.0048 5976 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:39:33.0080 5976 BthPan - ok
22:39:33.0173 5976 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
22:39:33.0251 5976 BTHPORT - ok
22:39:33.0314 5976 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:39:33.0376 5976 bthserv - ok
22:39:33.0423 5976 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
22:39:33.0470 5976 BTHUSB - ok
22:39:33.0532 5976 btwampfl (380b798d30c56ede4af58619d0e86ccb) C:\Windows\system32\drivers\btwampfl.sys
22:39:33.0563 5976 btwampfl - ok
22:39:33.0610 5976 btwaudio (ba5622f5544c6c445dff1a05acc8b19d) C:\Windows\system32\drivers\btwaudio.sys
22:39:33.0626 5976 btwaudio - ok
22:39:33.0657 5976 btwavdt (a11905d0f4bd34771f195217b6aa5ae0) C:\Windows\system32\DRIVERS\btwavdt.sys
22:39:33.0657 5976 btwavdt - ok
22:39:33.0813 5976 btwdins (3930e53ee0bed9dff9afa09f505d0cae) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:39:33.0875 5976 btwdins - ok
22:39:33.0922 5976 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:39:33.0922 5976 btwl2cap - ok
22:39:33.0953 5976 btwrchid (bd776f32d64ec615be4563dc2747224e) C:\Windows\system32\DRIVERS\btwrchid.sys
22:39:33.0969 5976 btwrchid - ok
22:39:34.0016 5976 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:39:34.0094 5976 cdfs - ok
22:39:34.0140 5976 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:39:34.0203 5976 cdrom - ok
22:39:34.0250 5976 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:39:34.0328 5976 CertPropSvc - ok
22:39:34.0374 5976 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:39:34.0406 5976 circlass - ok
22:39:34.0530 5976 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:39:34.0562 5976 CLFS - ok
22:39:34.0655 5976 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:39:34.0671 5976 clr_optimization_v2.0.50727_32 - ok
22:39:34.0749 5976 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:39:34.0764 5976 clr_optimization_v2.0.50727_64 - ok
22:39:34.0889 5976 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:39:35.0045 5976 clr_optimization_v4.0.30319_32 - ok
22:39:35.0123 5976 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:39:35.0201 5976 clr_optimization_v4.0.30319_64 - ok
22:39:35.0248 5976 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:39:35.0295 5976 CmBatt - ok
22:39:35.0310 5976 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:39:35.0326 5976 cmdide - ok
22:39:35.0420 5976 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
22:39:35.0498 5976 CNG - ok
22:39:35.0544 5976 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:39:35.0560 5976 Compbatt - ok
22:39:35.0591 5976 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:39:35.0638 5976 CompositeBus - ok
22:39:35.0669 5976 COMSysApp - ok
22:39:35.0685 5976 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:39:35.0700 5976 crcdisk - ok
22:39:35.0778 5976 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
22:39:35.0872 5976 CryptSvc - ok
22:39:35.0919 5976 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
22:39:35.0934 5976 CVirtA - ok
22:39:36.0153 5976 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
22:39:36.0231 5976 CVPND - ok
22:39:36.0402 5976 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
22:39:36.0434 5976 CVPNDRVA - ok
22:39:36.0574 5976 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:39:36.0668 5976 DcomLaunch - ok
22:39:36.0746 5976 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:39:36.0855 5976 defragsvc - ok
22:39:36.0902 5976 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
22:39:36.0995 5976 DfsC - ok
22:39:37.0042 5976 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
22:39:37.0167 5976 Dhcp - ok
22:39:37.0198 5976 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:39:37.0276 5976 discache - ok
22:39:37.0323 5976 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:39:37.0338 5976 Disk - ok
22:39:37.0401 5976 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
22:39:37.0416 5976 DNE - ok
22:39:37.0479 5976 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
22:39:37.0572 5976 Dnscache - ok
22:39:37.0619 5976 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
22:39:37.0697 5976 dot3svc - ok
22:39:37.0744 5976 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
22:39:37.0822 5976 DPS - ok
22:39:37.0853 5976 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:39:37.0869 5976 drmkaud - ok
22:39:37.0994 5976 DsiWMIService (61e894fe1e9cc720c909e6e343351794) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
22:39:38.0025 5976 DsiWMIService - ok
22:39:38.0103 5976 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:39:38.0134 5976 dtsoftbus01 - ok
22:39:38.0243 5976 dump_wmimmc - ok
22:39:38.0368 5976 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
22:39:38.0415 5976 DXGKrnl - ok
22:39:38.0462 5976 EagleX64 - ok
22:39:38.0493 5976 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:39:38.0586 5976 EapHost - ok
22:39:39.0242 5976 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:39:39.0382 5976 ebdrv - ok
22:39:39.0507 5976 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
22:39:39.0600 5976 EFS - ok
22:39:39.0725 5976 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
22:39:39.0819 5976 ehRecvr - ok
22:39:39.0850 5976 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:39:39.0944 5976 ehSched - ok
22:39:40.0068 5976 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:39:40.0162 5976 elxstor - ok
22:39:40.0302 5976 ePowerSvc (064f001bf07333f980ffb565dcf6dd3d) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
22:39:40.0349 5976 ePowerSvc - ok
22:39:40.0474 5976 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:39:40.0521 5976 ErrDev - ok
22:39:40.0614 5976 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:39:40.0739 5976 EventSystem - ok
22:39:40.0833 5976 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:39:40.0911 5976 exfat - ok
22:39:40.0942 5976 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:39:41.0036 5976 fastfat - ok
22:39:41.0176 5976 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
22:39:41.0316 5976 Fax - ok
22:39:41.0332 5976 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:39:41.0363 5976 fdc - ok
22:39:41.0410 5976 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:39:41.0488 5976 fdPHost - ok
22:39:41.0504 5976 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:39:41.0550 5976 FDResPub - ok
22:39:41.0582 5976 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:39:41.0582 5976 FileInfo - ok
22:39:41.0597 5976 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:39:41.0660 5976 Filetrace - ok
22:39:41.0675 5976 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:39:41.0691 5976 flpydisk - ok
22:39:41.0722 5976 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:39:41.0753 5976 FltMgr - ok
22:39:41.0878 5976 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
22:39:42.0003 5976 FontCache - ok
22:39:42.0081 5976 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:39:42.0096 5976 FontCache3.0.0.0 - ok
22:39:42.0143 5976 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:39:42.0174 5976 FsDepends - ok
22:39:42.0206 5976 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
22:39:42.0221 5976 fssfltr - ok
22:39:42.0440 5976 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:39:42.0518 5976 fsssvc - ok
22:39:42.0642 5976 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
22:39:42.0658 5976 Fs_Rec - ok
22:39:42.0720 5976 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:39:42.0752 5976 fvevol - ok
22:39:42.0798 5976 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:39:42.0814 5976 gagp30kx - ok
22:39:42.0908 5976 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
22:39:42.0986 5976 gpsvc - ok
22:39:43.0095 5976 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
22:39:43.0110 5976 GREGService - ok
22:39:43.0188 5976 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:39:43.0204 5976 gupdate - ok
22:39:43.0204 5976 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:39:43.0235 5976 gupdatem - ok
22:39:43.0266 5976 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:39:43.0282 5976 gusvc - ok
22:39:43.0329 5976 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
22:39:43.0344 5976 hamachi - ok
22:39:43.0610 5976 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
22:39:43.0719 5976 Hamachi2Svc - ok
22:39:43.0859 5976 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:39:43.0953 5976 hcw85cir - ok
22:39:44.0000 5976 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:39:44.0046 5976 HdAudAddService - ok
22:39:44.0093 5976 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:39:44.0156 5976 HDAudBus - ok
22:39:44.0187 5976 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:39:44.0218 5976 HECIx64 - ok
22:39:44.0234 5976 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:39:44.0265 5976 HidBatt - ok
22:39:44.0312 5976 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:39:44.0374 5976 HidBth - ok
22:39:44.0405 5976 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:39:44.0436 5976 HidIr - ok
22:39:44.0468 5976 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:39:44.0546 5976 hidserv - ok
22:39:44.0577 5976 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:39:44.0592 5976 HidUsb - ok
22:39:44.0624 5976 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
22:39:44.0686 5976 hkmsvc - ok
22:39:44.0748 5976 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
22:39:44.0826 5976 HomeGroupListener - ok
22:39:44.0873 5976 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
22:39:44.0920 5976 HomeGroupProvider - ok
22:39:44.0967 5976 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:39:44.0982 5976 HpSAMD - ok
22:39:45.0060 5976 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:39:45.0154 5976 HTTP - ok
22:39:45.0170 5976 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:39:45.0201 5976 hwpolicy - ok
22:39:45.0248 5976 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:39:45.0279 5976 i8042prt - ok
22:39:45.0341 5976 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
22:39:45.0372 5976 iaStor - ok
22:39:45.0450 5976 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:39:45.0482 5976 IAStorDataMgrSvc - ok
22:39:45.0606 5976 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
22:39:45.0622 5976 iaStorV - ok
22:39:45.0700 5976 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:39:45.0716 5976 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:39:45.0716 5976 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:39:45.0825 5976 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:39:45.0872 5976 idsvc - ok
22:39:45.0981 5976 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:39:45.0996 5976 iirsp - ok
22:39:46.0106 5976 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
22:39:46.0230 5976 IKEEXT - ok
22:39:46.0293 5976 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
22:39:46.0324 5976 Impcd - ok
22:39:46.0355 5976 IntcAzAudAddService - ok
22:39:46.0371 5976 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:39:46.0386 5976 intelide - ok
22:39:47.0120 5976 intelkmd (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdpmd64.sys
22:39:47.0447 5976 intelkmd - ok
22:39:47.0666 5976 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:39:47.0681 5976 intelppm - ok
22:39:47.0728 5976 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:39:47.0790 5976 IPBusEnum - ok
22:39:47.0822 5976 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:39:47.0868 5976 IpFilterDriver - ok
22:39:47.0931 5976 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
22:39:48.0009 5976 iphlpsvc - ok
22:39:48.0056 5976 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:39:48.0087 5976 IPMIDRV - ok
22:39:48.0087 5976 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:39:48.0149 5976 IPNAT - ok
22:39:48.0180 5976 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:39:48.0196 5976 IRENUM - ok
22:39:48.0196 5976 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:39:48.0212 5976 isapnp - ok
22:39:48.0243 5976 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:39:48.0274 5976 iScsiPrt - ok
22:39:48.0305 5976 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:39:48.0321 5976 kbdclass - ok
22:39:48.0336 5976 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:39:48.0368 5976 kbdhid - ok
22:39:48.0414 5976 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:39:48.0430 5976 KeyIso - ok
22:39:48.0477 5976 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
22:39:48.0508 5976 KSecDD - ok
22:39:48.0524 5976 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
22:39:48.0539 5976 KSecPkg - ok
22:39:48.0570 5976 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:39:48.0633 5976 ksthunk - ok
22:39:48.0695 5976 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:39:48.0758 5976 KtmRm - ok
22:39:48.0804 5976 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
22:39:48.0820 5976 L1C - ok
22:39:48.0898 5976 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
22:39:48.0992 5976 LanmanServer - ok
22:39:49.0023 5976 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
22:39:49.0101 5976 LanmanWorkstation - ok
22:39:49.0163 5976 lirsgt (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
22:39:49.0179 5976 lirsgt - ok
22:39:49.0210 5976 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:39:49.0272 5976 lltdio - ok
22:39:49.0304 5976 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:39:49.0397 5976 lltdsvc - ok
22:39:49.0428 5976 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:39:49.0475 5976 lmhosts - ok
22:39:49.0616 5976 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:39:49.0647 5976 LMS ( UnsignedFile.Multi.Generic ) - warning
22:39:49.0647 5976 LMS - detected UnsignedFile.Multi.Generic (1)
22:39:49.0709 5976 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:39:49.0740 5976 LSI_FC - ok
22:39:49.0772 5976 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:39:49.0787 5976 LSI_SAS - ok
22:39:49.0834 5976 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:39:49.0850 5976 LSI_SAS2 - ok
22:39:49.0865 5976 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:39:49.0881 5976 LSI_SCSI - ok
22:39:49.0928 5976 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:39:50.0006 5976 luafv - ok
22:39:50.0115 5976 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:39:50.0130 5976 MBAMProtector - ok
22:39:50.0224 5976 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:39:50.0271 5976 MBAMService - ok
22:39:50.0318 5976 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
22:39:50.0349 5976 Mcx2Svc - ok
22:39:50.0364 5976 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:39:50.0380 5976 megasas - ok
22:39:50.0411 5976 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:39:50.0442 5976 MegaSR - ok
22:39:50.0520 5976 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:39:50.0536 5976 Microsoft Office Groove Audit Service - ok
22:39:50.0614 5976 Mkd2Bthf (20574909fdd7843618bf03f95b61303d) C:\Windows\system32\drivers\Mkd2Bthf.sys
22:39:50.0630 5976 Mkd2Bthf - ok
22:39:50.0676 5976 Mkd2Nadr (131d429af08e90cd16b36c68edf56226) C:\Windows\system32\drivers\Mkd2Nadr.sys
22:39:50.0692 5976 Mkd2Nadr - ok
22:39:50.0754 5976 Mkd3kfNt (8719aa5b8faabacc5f12239f3d9572a2) C:\Windows\system32\drivers\Mkd3kfNt.sys
22:39:50.0786 5976 Mkd3kfNt - ok
22:39:50.0817 5976 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:39:50.0895 5976 MMCSS - ok
22:39:50.0910 5976 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:39:50.0988 5976 Modem - ok
22:39:51.0020 5976 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:39:51.0082 5976 monitor - ok
22:39:51.0129 5976 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:39:51.0144 5976 mouclass - ok
22:39:51.0191 5976 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:39:51.0207 5976 mouhid - ok
22:39:51.0238 5976 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:39:51.0254 5976 mountmgr - ok
22:39:51.0363 5976 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:39:51.0394 5976 MozillaMaintenance - ok
22:39:51.0425 5976 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:39:51.0456 5976 mpio - ok
22:39:51.0488 5976 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:39:51.0566 5976 mpsdrv - ok
22:39:51.0706 5976 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
22:39:51.0831 5976 MpsSvc - ok
22:39:51.0909 5976 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:39:51.0940 5976 MRxDAV - ok
22:39:51.0987 5976 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:39:52.0049 5976 mrxsmb - ok
22:39:52.0112 5976 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:39:52.0158 5976 mrxsmb10 - ok
22:39:52.0205 5976 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:39:52.0236 5976 mrxsmb20 - ok
22:39:52.0283 5976 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:39:52.0299 5976 msahci - ok
22:39:52.0314 5976 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:39:52.0330 5976 msdsm - ok
22:39:52.0361 5976 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:39:52.0424 5976 MSDTC - ok
22:39:52.0455 5976 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:39:52.0502 5976 Msfs - ok
22:39:52.0533 5976 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:39:52.0580 5976 mshidkmdf - ok
22:39:52.0580 5976 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:39:52.0595 5976 msisadrv - ok
22:39:52.0626 5976 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:39:52.0720 5976 MSiSCSI - ok
22:39:52.0720 5976 msiserver - ok
22:39:52.0767 5976 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:39:52.0829 5976 MSKSSRV - ok
22:39:52.0845 5976 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:39:52.0907 5976 MSPCLOCK - ok
22:39:52.0907 5976 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:39:52.0970 5976 MSPQM - ok
22:39:53.0016 5976 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:39:53.0048 5976 MsRPC - ok
22:39:53.0063 5976 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:39:53.0079 5976 mssmbios - ok
22:39:53.0204 5976 MSSQL$SQLEXPRESS - ok
22:39:53.0282 5976 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:39:53.0313 5976 MSSQLServerADHelper100 - ok
22:39:53.0344 5976 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:39:53.0406 5976 MSTEE - ok
22:39:53.0406 5976 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:39:53.0438 5976 MTConfig - ok
22:39:53.0484 5976 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:39:53.0516 5976 Mup - ok
22:39:53.0547 5976 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:39:53.0562 5976 mwlPSDFilter - ok
22:39:53.0578 5976 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:39:53.0594 5976 mwlPSDNServ - ok
22:39:53.0625 5976 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:39:53.0640 5976 mwlPSDVDisk - ok
22:39:53.0812 5976 MWLService (0036634e5c92be109056f7e2380103a9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
22:39:53.0828 5976 MWLService - ok
22:39:53.0999 5976 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
22:39:54.0046 5976 napagent - ok
22:39:54.0124 5976 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:39:54.0155 5976 NativeWifiP - ok
22:39:54.0249 5976 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:39:54.0296 5976 NDIS - ok
22:39:54.0311 5976 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:39:54.0358 5976 NdisCap - ok
22:39:54.0389 5976 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:39:54.0452 5976 NdisTapi - ok
22:39:54.0483 5976 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:39:54.0576 5976 Ndisuio - ok
22:39:54.0608 5976 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:39:54.0654 5976 NdisWan - ok
22:39:54.0670 5976 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:39:54.0717 5976 NDProxy - ok
22:39:54.0764 5976 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:39:54.0857 5976 NetBIOS - ok
22:39:54.0888 5976 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:39:54.0951 5976 NetBT - ok
22:39:54.0998 5976 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:39:55.0013 5976 Netlogon - ok
22:39:55.0091 5976 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:39:55.0169 5976 Netman - ok
22:39:55.0310 5976 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:55.0356 5976 NetMsmqActivator - ok
22:39:55.0388 5976 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:55.0403 5976 NetPipeActivator - ok
22:39:55.0466 5976 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:39:55.0559 5976 netprofm - ok
22:39:55.0575 5976 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:55.0590 5976 NetTcpActivator - ok
22:39:55.0590 5976 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:55.0622 5976 NetTcpPortSharing - ok
22:39:55.0700 5976 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:39:55.0715 5976 nfrd960 - ok
22:39:55.0809 5976 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
22:39:55.0887 5976 NlaSvc - ok
22:39:55.0918 5976 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:39:55.0996 5976 Npfs - ok
22:39:56.0027 5976 npggsvc - ok
22:39:56.0027 5976 NPPTNT2 - ok
22:39:56.0074 5976 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:39:56.0152 5976 nsi - ok
22:39:56.0168 5976 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:39:56.0214 5976 nsiproxy - ok
22:39:56.0402 5976 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
22:39:56.0480 5976 Ntfs - ok
22:39:56.0589 5976 NTI IScheduleSvc (5b3ce960c62dbe864be9a0bd043a3e30) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
22:39:56.0636 5976 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
22:39:56.0636 5976 NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
22:39:56.0667 5976 NTIBackupSvc (15221dd637d9d0ffc60848ebbf1df538) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:39:56.0682 5976 NTIBackupSvc - ok
22:39:56.0807 5976 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
22:39:56.0823 5976 NTIDrvr - ok
22:39:56.0885 5976 NTISchedulerSvc (b5071e15d4c3f5ef5018aff7e85a85e5) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:39:56.0963 5976 NTISchedulerSvc - ok
22:39:56.0994 5976 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:39:57.0072 5976 Null - ok
22:39:57.0104 5976 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
22:39:57.0135 5976 nvraid - ok
22:39:57.0182 5976 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
22:39:57.0213 5976 nvstor - ok
22:39:57.0244 5976 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:39:57.0275 5976 nv_agp - ok
22:39:57.0353 5976 ODDPwrSvc (ba7dac1b8a86d9402c3e04e1fcaa600d) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
22:39:57.0369 5976 ODDPwrSvc - ok
22:39:57.0478 5976 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:39:57.0525 5976 odserv - ok
22:39:57.0556 5976 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:39:57.0572 5976 ohci1394 - ok
22:39:57.0603 5976 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:39:57.0634 5976 ose - ok
22:39:57.0681 5976 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:39:57.0759 5976 p2pimsvc - ok
22:39:57.0837 5976 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:39:57.0868 5976 p2psvc - ok
22:39:57.0899 5976 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:39:57.0915 5976 Parport - ok
22:39:57.0962 5976 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
22:39:57.0977 5976 partmgr - ok
22:39:58.0008 5976 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:39:58.0055 5976 PcaSvc - ok
22:39:58.0102 5976 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:39:58.0118 5976 pci - ok
22:39:58.0149 5976 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:39:58.0164 5976 pciide - ok
22:39:58.0196 5976 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:39:58.0211 5976 pcmcia - ok
22:39:58.0242 5976 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:39:58.0258 5976 pcw - ok
22:39:58.0336 5976 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:39:58.0398 5976 PEAUTH - ok
22:39:58.0508 5976 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:39:58.0554 5976 PerfHost - ok
22:39:58.0788 5976 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
22:39:58.0913 5976 pla - ok
22:39:59.0007 5976 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
22:39:59.0116 5976 PlugPlay - ok
22:39:59.0147 5976 PnkBstrA - ok
22:39:59.0194 5976 PnkBstrB - ok
22:39:59.0225 5976 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:39:59.0256 5976 PNRPAutoReg - ok
22:39:59.0303 5976 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:39:59.0334 5976 PNRPsvc - ok
22:39:59.0381 5976 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
22:39:59.0459 5976 PolicyAgent - ok
22:39:59.0506 5976 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:39:59.0568 5976 Power - ok
22:39:59.0646 5976 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:39:59.0709 5976 PptpMiniport - ok
22:39:59.0756 5976 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:39:59.0802 5976 Processor - ok
22:39:59.0865 5976 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
22:39:59.0943 5976 ProfSvc - ok
22:39:59.0990 5976 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:39:59.0990 5976 ProtectedStorage - ok
22:40:00.0083 5976 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:40:00.0130 5976 Psched - ok
22:40:00.0286 5976 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:40:00.0364 5976 ql2300 - ok
22:40:00.0520 5976 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:40:00.0551 5976 ql40xx - ok
22:40:00.0598 5976 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:40:00.0645 5976 QWAVE - ok
22:40:00.0676 5976 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:40:00.0707 5976 QWAVEdrv - ok
22:40:00.0707 5976 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:40:00.0754 5976 RasAcd - ok
22:40:00.0801 5976 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:40:00.0848 5976 RasAgileVpn - ok
22:40:00.0879 5976 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:40:00.0941 5976 RasAuto - ok
22:40:00.0972 5976 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:40:01.0035 5976 Rasl2tp - ok
22:40:01.0066 5976 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
22:40:01.0144 5976 RasMan - ok
22:40:01.0175 5976 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:40:01.0253 5976 RasPppoe - ok
22:40:01.0285 5976 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:40:01.0347 5976 RasSstp - ok
22:40:01.0394 5976 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:40:01.0472 5976 rdbss - ok
22:40:01.0487 5976 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:40:01.0503 5976 rdpbus - ok
22:40:01.0519 5976 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:40:01.0565 5976 RDPCDD - ok
22:40:01.0597 5976 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:40:01.0659 5976 RDPENCDD - ok
22:40:01.0675 5976 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:40:01.0721 5976 RDPREFMP - ok
22:40:01.0768 5976 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
22:40:01.0846 5976 RDPWD - ok
22:40:01.0893 5976 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:40:01.0940 5976 rdyboost - ok
22:40:01.0987 5976 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:40:02.0065 5976 RemoteAccess - ok
22:40:02.0127 5976 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:40:02.0205 5976 RemoteRegistry - ok
22:40:02.0267 5976 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:40:02.0299 5976 RFCOMM - ok
22:40:02.0408 5976 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
22:40:02.0470 5976 RichVideo ( UnsignedFile.Multi.Generic ) - warning
22:40:02.0470 5976 RichVideo - detected UnsignedFile.Multi.Generic (1)
22:40:02.0517 5976 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:40:02.0579 5976 RpcEptMapper - ok
22:40:02.0611 5976 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:40:02.0626 5976 RpcLocator - ok
22:40:02.0673 5976 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:40:02.0735 5976 RpcSs - ok
22:40:02.0813 5976 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\Windows\system32\DRIVERS\RsFx0105.sys
22:40:02.0876 5976 RsFx0105 - ok
22:40:02.0907 5976 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:40:02.0985 5976 rspndr - ok
22:40:03.0079 5976 RS_Service (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
22:40:03.0125 5976 RS_Service - ok
22:40:03.0157 5976 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:40:03.0172 5976 SamSs - ok
22:40:03.0203 5976 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:40:03.0219 5976 sbp2port - ok
22:40:03.0266 5976 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:40:03.0344 5976 SCardSvr - ok
22:40:03.0359 5976 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:40:03.0422 5976 scfilter - ok
22:40:03.0547 5976 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
22:40:03.0640 5976 Schedule - ok
22:40:03.0671 5976 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:40:03.0718 5976 SCPolicySvc - ok
22:40:03.0749 5976 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
22:40:03.0843 5976 SDRSVC - ok
22:40:03.0921 5976 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:40:03.0999 5976 secdrv - ok
22:40:04.0046 5976 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
22:40:04.0124 5976 seclogon - ok
22:40:04.0155 5976 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:40:04.0202 5976 SENS - ok
22:40:04.0217 5976 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:40:04.0264 5976 SensrSvc - ok
22:40:04.0280 5976 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:40:04.0295 5976 Serenum - ok
22:40:04.0327 5976 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:40:04.0358 5976 Serial - ok
22:40:04.0405 5976 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:40:04.0405 5976 sermouse - ok
22:40:04.0451 5976 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
22:40:04.0498 5976 SessionEnv - ok
22:40:04.0529 5976 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:40:04.0592 5976 sffdisk - ok
22:40:04.0607 5976 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:40:04.0654 5976 sffp_mmc - ok
22:40:04.0670 5976 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
22:40:04.0717 5976 sffp_sd - ok
22:40:04.0748 5976 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:40:04.0779 5976 sfloppy - ok
22:40:04.0841 5976 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:40:04.0935 5976 SharedAccess - ok
22:40:04.0997 5976 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
22:40:05.0060 5976 ShellHWDetection - ok
22:40:05.0091 5976 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:40:05.0122 5976 SiSRaid2 - ok
22:40:05.0122 5976 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:40:05.0138 5976 SiSRaid4 - ok
22:40:05.0450 5976 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:40:05.0575 5976 Skype C2C Service - ok
22:40:05.0699 5976 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:40:05.0731 5976 SkypeUpdate - ok
22:40:05.0871 5976 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:40:05.0949 5976 Smb - ok
22:40:05.0996 5976 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:40:06.0027 5976 SNMPTRAP - ok
22:40:06.0058 5976 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:40:06.0074 5976 spldr - ok
22:40:06.0136 5976 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
22:40:06.0214 5976 Spooler - ok
22:40:06.0885 5976 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
22:40:06.0994 5976 sppsvc - ok
22:40:07.0119 5976 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:40:07.0166 5976 sppuinotify - ok
22:40:07.0337 5976 SQLAgent$SQLEXPRESS (45e65fb17a4cd5facbd3ca16c8334c82) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
22:40:07.0369 5976 SQLAgent$SQLEXPRESS - ok
22:40:07.0509 5976 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:40:07.0540 5976 SQLBrowser - ok
22:40:07.0649 5976 SQLWriter (f92e5f93be572b512da3c016b675ede0) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:40:07.0681 5976 SQLWriter - ok
22:40:07.0774 5976 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:40:07.0837 5976 srv - ok
22:40:07.0899 5976 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:40:07.0961 5976 srv2 - ok
22:40:08.0008 5976 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:40:08.0055 5976 srvnet - ok
22:40:08.0102 5976 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:40:08.0180 5976 SSDPSRV - ok
22:40:08.0195 5976 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:40:08.0242 5976 SstpSvc - ok
22:40:08.0320 5976 Steam Client Service - ok
22:40:08.0367 5976 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:40:08.0383 5976 stexstor - ok
22:40:08.0492 5976 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
22:40:08.0523 5976 stisvc - ok
22:40:08.0539 5976 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:40:08.0554 5976 swenum - ok
22:40:08.0663 5976 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:40:08.0710 5976 swprv - ok
22:40:08.0788 5976 SynTP (ce9b5a79aee330bc7e88c0441e5727bb) C:\Windows\system32\DRIVERS\SynTP.sys
22:40:08.0819 5976 SynTP - ok
22:40:09.0053 5976 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
22:40:09.0147 5976 SysMain - ok
22:40:09.0256 5976 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
22:40:09.0303 5976 TabletInputService - ok
22:40:09.0350 5976 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
22:40:09.0412 5976 TapiSrv - ok
22:40:09.0428 5976 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:40:09.0490 5976 TBS - ok
22:40:09.0693 5976 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
22:40:09.0818 5976 Tcpip - ok
22:40:10.0099 5976 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
22:40:10.0161 5976 TCPIP6 - ok
22:40:10.0239 5976 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:40:10.0301 5976 tcpipreg - ok
22:40:10.0317 5976 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:40:10.0411 5976 TDPIPE - ok
22:40:10.0442 5976 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
22:40:10.0489 5976 TDTCP - ok
22:40:10.0520 5976 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:40:10.0598 5976 tdx - ok
22:40:10.0629 5976 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:40:10.0629 5976 TermDD - ok
22:40:10.0738 5976 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
22:40:10.0816 5976 TermService - ok
22:40:10.0847 5976 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:40:10.0894 5976 Themes - ok
22:40:10.0910 5976 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:40:10.0972 5976 THREADORDER - ok
22:40:10.0988 5976 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:40:11.0050 5976 TrkWks - ok
22:40:11.0128 5976 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
22:40:11.0175 5976 TrustedInstaller - ok
22:40:11.0191 5976 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:40:11.0237 5976 tssecsrv - ok
22:40:11.0269 5976 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:40:11.0347 5976 tunnel - ok
22:40:11.0378 5976 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:40:11.0393 5976 uagp35 - ok
22:40:11.0409 5976 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
22:40:11.0425 5976 UBHelper - ok
22:40:11.0456 5976 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:40:11.0549 5976 udfs - ok
22:40:11.0581 5976 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:40:11.0596 5976 UI0Detect - ok
22:40:11.0643 5976 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:40:11.0659 5976 uliagpkx - ok
22:40:11.0690 5976 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:40:11.0737 5976 umbus - ok
22:40:11.0783 5976 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:40:11.0799 5976 UmPass - ok
22:40:12.0049 5976 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:40:12.0158 5976 UNS ( UnsignedFile.Multi.Generic ) - warning
22:40:12.0158 5976 UNS - detected UnsignedFile.Multi.Generic (1)
22:40:12.0251 5976 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:40:12.0298 5976 Updater Service - ok
22:40:12.0454 5976 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:40:12.0548 5976 upnphost - ok
22:40:12.0626 5976 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
22:40:12.0657 5976 usbaudio - ok
22:40:12.0704 5976 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
22:40:12.0751 5976 usbccgp - ok
22:40:12.0813 5976 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:40:12.0829 5976 usbcir - ok
22:40:12.0860 5976 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
22:40:12.0875 5976 usbehci - ok
22:40:12.0938 5976 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
22:40:12.0953 5976 usbhub - ok
22:40:13.0000 5976 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
22:40:13.0000 5976 usbohci - ok
22:40:13.0031 5976 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:40:13.0078 5976 usbprint - ok
22:40:13.0109 5976 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:40:13.0187 5976 USBSTOR - ok
22:40:13.0219 5976 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
22:40:13.0250 5976 usbuhci - ok
22:40:13.0312 5976 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
22:40:13.0375 5976 usbvideo - ok
22:40:13.0406 5976 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:40:13.0453 5976 UxSms - ok
22:40:13.0484 5976 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:40:13.0515 5976 VaultSvc - ok
22:40:13.0546 5976 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:40:13.0562 5976 vdrvroot - ok
22:40:13.0609 5976 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
22:40:13.0655 5976 vds - ok
22:40:13.0671 5976 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:40:13.0702 5976 vga - ok
22:40:13.0718 5976 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:40:13.0780 5976 VgaSave - ok
22:40:13.0796 5976 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:40:13.0811 5976 vhdmp - ok
22:40:13.0843 5976 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:40:13.0858 5976 viaide - ok
22:40:13.0874 5976 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:40:13.0889 5976 volmgr - ok
22:40:13.0936 5976 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:40:13.0952 5976 volmgrx - ok
22:40:13.0983 5976 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:40:14.0014 5976 volsnap - ok
22:40:14.0045 5976 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:40:14.0077 5976 vsmraid - ok
22:40:14.0233 5976 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
22:40:14.0326 5976 VSS - ok
22:40:14.0467 5976 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:40:14.0482 5976 vwifibus - ok
22:40:14.0513 5976 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:40:14.0545 5976 vwififlt - ok
22:40:14.0623 5976 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:40:14.0701 5976 W32Time - ok
22:40:14.0732 5976 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:40:14.0779 5976 WacomPen - ok
22:40:14.0841 5976 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:40:14.0903 5976 WANARP - ok
22:40:14.0903 5976 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:40:14.0950 5976 Wanarpv6 - ok
22:40:15.0137 5976 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
22:40:15.0247 5976 wbengine - ok
22:40:15.0403 5976 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:40:15.0434 5976 WbioSrvc - ok
22:40:15.0496 5976 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
22:40:15.0590 5976 wcncsvc - ok
22:40:15.0605 5976 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:40:15.0652 5976 WcsPlugInService - ok
22:40:15.0699 5976 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:40:15.0715 5976 Wd - ok
22:40:15.0777 5976 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:40:15.0839 5976 Wdf01000 - ok
22:40:15.0886 5976 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:40:15.0917 5976 WdiServiceHost - ok
22:40:15.0917 5976 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:40:15.0949 5976 WdiSystemHost - ok
22:40:16.0011 5976 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
22:40:16.0073 5976 WebClient - ok
22:40:16.0120 5976 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:40:16.0183 5976 Wecsvc - ok
22:40:16.0214 5976 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:40:16.0276 5976 wercplsupport - ok
22:40:16.0307 5976 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:40:16.0370 5976 WerSvc - ok
22:40:16.0448 5976 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:40:16.0510 5976 WfpLwf - ok
22:40:16.0526 5976 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:40:16.0541 5976 WIMMount - ok
22:40:16.0588 5976 WinDefend - ok
22:40:16.0588 5976 WinHttpAutoProxySvc - ok
22:40:16.0682 5976 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:40:16.0775 5976 Winmgmt - ok
22:40:16.0963 5976 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
22:40:17.0103 5976 WinRM - ok
22:40:17.0290 5976 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
22:40:17.0306 5976 WinUsb - ok
22:40:17.0493 5976 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:40:17.0555 5976 Wlansvc - ok
22:40:17.0633 5976 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:40:17.0649 5976 wlcrasvc - ok
22:40:17.0930 5976 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:40:18.0039 5976 wlidsvc - ok
22:40:18.0164 5976 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:40:18.0195 5976 WmiAcpi - ok
22:40:18.0273 5976 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:40:18.0335 5976 wmiApSrv - ok
22:40:18.0382 5976 WMPNetworkSvc - ok
22:40:18.0413 5976 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:40:18.0445 5976 WPCSvc - ok
22:40:18.0491 5976 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
22:40:18.0554 5976 WPDBusEnum - ok
22:40:18.0585 5976 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:40:18.0632 5976 ws2ifsl - ok
22:40:18.0663 5976 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
22:40:18.0725 5976 wscsvc - ok
22:40:18.0741 5976 WSearch - ok
22:40:18.0975 5976 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:40:19.0084 5976 wuauserv - ok
22:40:19.0256 5976 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:40:19.0303 5976 WudfPf - ok
22:40:19.0349 5976 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:40:19.0412 5976 WUDFRd - ok
22:40:19.0443 5976 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
22:40:19.0552 5976 wudfsvc - ok
22:40:19.0615 5976 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:40:19.0661 5976 WwanSvc - ok
22:40:19.0739 5976 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:40:20.0207 5976 \Device\Harddisk0\DR0 - ok
22:40:20.0207 5976 Boot (0x1200) (44101f44101f000ab99cf92604fb59f8) \Device\Harddisk0\DR0\Partition0
22:40:20.0223 5976 \Device\Harddisk0\DR0\Partition0 - ok
22:40:20.0239 5976 Boot (0x1200) (d2135d601e3b41ed543901ad0b93fc55) \Device\Harddisk0\DR0\Partition1
22:40:20.0254 5976 \Device\Harddisk0\DR0\Partition1 - ok
22:40:20.0270 5976 Boot (0x1200) (4b7bd285c2dcf71fc0388f5031b55066) \Device\Harddisk0\DR0\Partition2
22:40:20.0270 5976 \Device\Harddisk0\DR0\Partition2 - ok
22:40:20.0270 5976 ============================================================
22:40:20.0270 5976 Scan finished
22:40:20.0270 5976 ============================================================
22:40:20.0285 6868 Detected object count: 6
22:40:20.0285 6868 Actual detected object count: 6
22:40:32.0500 6868 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
22:40:32.0500 6868 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
22:40:32.0500 6868 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:32.0500 6868 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:40:32.0500 6868 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:32.0500 6868 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:40:32.0500 6868 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:32.0500 6868 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:40:32.0516 6868 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:32.0516 6868 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:40:32.0516 6868 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:32.0516 6868 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
| | #21 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU / alleged Federal Police / Trojan
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when an expert has expressly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
| | #22 |
| GVU / alleged Federal Police / Trojan
Hey, great, thanks, I ran ComboFix and the error message when starting the PC is now gone. Here is the ComboFix log file:
Code:
ComboFix 12-07-13.03 - Home 14.07.2012 12:36:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3767.2090 [GMT 2:00]
ausgeführt von:: c:\users\Home\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\users\Public\Documents\NTILiveUpdate.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-14 bis 2012-07-14 ))))))))))))))))))))))))))))))
.
.
2012-07-14 10:50 . 2012-07-14 10:50 -------- d-----w- c:\users\Internet\AppData\Local\temp
2012-07-14 10:50 . 2012-07-14 10:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 10:42 . 2012-07-14 10:42 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2066B171-EC4F-4619-A36D-9D4A3C18880E}\offreg.dll
2012-07-13 10:06 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2066B171-EC4F-4619-A36D-9D4A3C18880E}\mpengine.dll
2012-07-13 09:24 . 2012-07-13 09:24 -------- d-----w- C:\_OTL
2012-07-12 01:14 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 16:36 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 16:36 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 16:36 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 16:36 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 16:35 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 16:35 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 16:35 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 16:35 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 16:35 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 16:35 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 16:35 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 16:35 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 16:35 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 16:35 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 16:35 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-07 15:25 . 2012-07-07 15:28 -------- d-----w- c:\users\Home\AppData\Roaming\Red Alert 3
2012-07-06 15:17 . 2012-07-06 15:17 -------- d-----w- c:\program files (x86)\ESET
2012-07-04 13:53 . 2012-07-04 13:53 -------- d-----w- c:\users\Home\AppData\Roaming\Malwarebytes
2012-07-04 13:51 . 2012-07-04 13:51 -------- d-----w- c:\programdata\Malwarebytes
2012-07-04 13:51 . 2012-07-04 13:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-04 13:51 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 11:22 . 2012-06-28 11:22 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-06-19 15:35 . 2012-06-19 15:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 11:51 . 2012-06-19 11:51 -------- d-----w- c:\program files (x86)\MozBackup
2012-06-19 09:43 . 2012-07-11 20:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-19 09:43 . 2012-07-11 20:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 08:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 08:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 08:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 08:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 08:50 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 08:50 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 08:50 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 08:50 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 08:50 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 10:25 . 2012-06-18 10:25 -------- d-----w- c:\users\Home\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 15:46 . 2011-02-16 16:58 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-21 15:45 . 2011-02-16 16:58 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-21 15:45 . 2011-02-16 16:58 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-05-13 18:02 . 2011-07-03 17:22 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-13 17:59 . 2011-02-16 16:58 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-08 11:35 . 2012-01-09 15:27 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 11:35 . 2012-01-09 15:27 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-04 10:52 . 2012-06-13 17:00 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 17:00 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 17:00 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:54 . 2012-05-03 02:54 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-05-02 05:32 . 2012-06-13 17:00 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 17:00 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 17:00 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 17:00 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 17:00 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 17:00 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 17:00 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 17:00 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 17:00 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 17:00 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 17:00 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2011-12-07 09:41 . 2011-12-08 12:42 3539040 ----a-w- c:\program files\Alwil Softw
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-14 39408]
"Steam"="a:\spiele\Steam\steam.exe" [2011-08-11 1242448]
"Akamai NetSession Interface"="c:\users\Home\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-04-23 124136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-5-14 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-26 1125152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 135664]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-05 335400]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]
R3 dump_wmimmc;dump_wmimmc;c:\program files\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 135664]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2010-03-08 97368]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-11-19 107096]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2010-09-13 182872]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-22 254528]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-20 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-04-23 820768]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-04-21 6406144]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-20 188928]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-04-20 10322848]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 20:34]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 13:35]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 13:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-20 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-20 413720]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-04-23 496160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\k2e0147e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Age of Conan_is1 - c:\program files (x86)\Funcom\Age of Conan\unins000.exe
AddRemove-FUSSBALL MANAGER 11 DEMO - a:\spiele\FM11Demo\eauninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Steam App 10530 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 20510 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 550 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 91600 - c:\program files (x86)\Steam\steam.exe
AddRemove-TalonRO_is1 - c:\spiele\TalonRO\RO\unins000.exe
AddRemove-Winter Sports 2011_is1 - c:\program files (x86)\Winter Sports 2011\unins000.exe
AddRemove-{195C3D8C-1468-42F9-B169-110E79062D62}_is1 - a:\spiele\Godlike-RO\unins000.exe
AddRemove-{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1 - c:\program files (x86)\Mein Gutscheincode Finder\unins000.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files (x86)\Pando Networks\Media Booster\uninst.exe
AddRemove-bet365casino - c:\casino\Casino at bet365\_SetupCasino_a616b8.exe
AddRemove-OldschoolRO - a:\spiele\RO - Kopie\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-907013825-1055173690-614559143-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1f,a2,26,c1,c3,02,4f,29,5c,17,0c,3b,4c,b6,65,b6,ea,d6,a5,41,06,14,1d,
f7,05,c3,c7,20,79,11,98,da,ac,a6,dc,76,f2,e6,d0,9d,5e,66,72,59,51,91,fb,00,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-907013825-1055173690-614559143-1001\Software\SecuROM\License information*]
"datasecu"=hex:b5,98,b5,b6,7c,f0,00,dc,af,4f,c3,03,4c,b0,87,cd,a2,96,d8,90,16,
ec,f0,8c,34,68,59,d3,6e,2d,b2,b8,7d,97,ec,d1,7d,8e,46,15,a3,e6,4d,1c,0c,2b,\
"rkeysecu"=hex:22,73,f5,fc,76,ca,35,b2,2e,50,da,5b,ad,a8,8f,46
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-14 13:15:18
ComboFix-quarantined-files.txt 2012-07-14 11:15
.
Vor Suchlauf: 21 Verzeichnis(se), 78.162.345.984 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 77.645.312.000 Bytes frei
.
- - End Of File - - 2D789F75D9B98ED3C0F6A67A721DF274
|
| | #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU/ alleged Federal Police/ Trojan Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #24 |
| GVU/ alleged Federal Police/ Trojan Hey, sorry, it took a bit longer, I still had an exam. Here are the logs: GMER: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-16 14:10:22
Windows 6.1.7600
Running: sq5pcnsy.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313b8238d
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313b8238d (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:18:36 on 16.07.2012

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - ? - C:\Windows\system32\Drivers\CVPNDRVA.sys (File found, but it contains no detailed information)
"dump_wmimmc" (dump_wmimmc) - ? - C:\Program Files\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys (File not found)
"EagleX64" (EagleX64) - ? - C:\Windows\system32\drivers\EagleX64.sys (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Mkd2Bthf" (Mkd2Bthf) - "AhnLab, Inc." - C:\Windows\System32\drivers\Mkd2Bthf.sys
"Mkd2Nadr" (Mkd2Nadr) - "AhnLab, Inc." - C:\Windows\System32\drivers\Mkd2Nadr.sys
"Mkd3kfNt" (Mkd3kfNt) - "AhnLab, Inc." - C:\Windows\System32\drivers\Mkd3kfNt.sys
"NPPTNT2" (NPPTNT2) - ? - C:\Windows\system32\npptNT2.sys (File not found)
"NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\Windows\System32\drivers\RTKVHD64.sys (File not found)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{D1F8BD1E-7967-11D2-B43A-006094B9EADB} "SAP HTML Pluggable Protocol" - "SAP, Walldorf" - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll
{D1F8BD1E-7967-11D2-B43A-006094B9EADB} "SAP HTML Pluggable Protocol" - "SAP, Walldorf" - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? - (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files (x86)\real\realplayer\rpshell.dll
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files (x86)\WinRAR\rarext.dll
{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{063F7D71-5E0B-48F2-87D5-F63C5917947E} "Aosmgr Control" - "AhnLab, Inc." - C:\PROGRA~2\AhnLab\ASP\COMPON~1\aosmgr\aosmgr.ocx / hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
{CC450D71-CC90-424C-8638-1F2DBAC87A54} "ArmHelper Control" - ? - ./Images/armhelper.ocx (File not found) / file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/armhelper.ocx
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{149E45D8-163E-4189-86FC-45022AB2B6C9} "SpinTop DRM Control" - "SpinTop Media Inc." - C:\Windows\Downloaded Program Files\stg_drm.ocx / file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/stg_drm.ocx
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
"Senden an Bluetooth" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - ? - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Akamai NetSession Interface" - "Akamai Technologies, Inc" - "C:\Users\Home\AppData\Local\Akamai\netsession_win.exe"
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"Steam" - "Valve Corporation" - "A:\Spiele\Steam\steam.exe" -silent
"swg" - "Google Inc." - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcadeMovieService" - "CyberLink Corp."
- "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k "EgisTecPMMUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" "EgisUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe "LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "MDS_Menu" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SuiteTray" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? 
- C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe "Acer ODD Power Service" (ODDPwrSvc) - "Acer Incorporated" - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "Akamai NetSession Interface" (Akamai) - "Akamai Technologies, Inc" - c:\program files (x86)\common files\akamai\netsession_win_4f7fccd.dll "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe "BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? 
- C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." 
- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe "nProtect GameGuard Service" (npggsvc) - ? - C:\Windows\system32\GameMon.des -service (File not found) "NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe "NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe "NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File not found) "PnkBstrB" (PnkBstrB) - ? 
- C:\Windows\system32\PnkBstrB.exe (File not found) "Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe "Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe "Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-16 13:26:59
-----------------------------
13:26:59.869 OS Version: Windows x64 6.1.7600
13:26:59.869 Number of processors: 4 586 0x2502
13:26:59.869 ComputerName: HOME-PC UserName: Home
13:27:01.089 Initialize success
13:27:06.881 AVAST engine defs: 12071600
13:28:12.151 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:28:12.161 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
13:28:12.221 Disk 0 MBR read successfully
13:28:12.221 Disk 0 MBR scan
13:28:12.231 Disk 0 Windows 7 default MBR code
13:28:12.241 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
13:28:12.271 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
13:28:12.291 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 231828 MB offset 27469824
13:28:12.301 Disk 0 Partition - 00 0F Extended LBA 231698 MB offset 502253568
13:28:12.321 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 231697 MB offset 502255616
13:28:12.361 Disk 0 scanning C:\Windows\system32\drivers
13:28:24.900 Service scanning
13:29:03.732 Modules scanning
13:29:04.062 Disk 0 trace - called modules:
13:29:04.102 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
13:29:04.112 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c64060]
13:29:04.112 3 CLASSPNP.SYS[fffff88001a9343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049aa050]
13:29:04.122 Scan finished successfully
13:30:49.295 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
13:30:49.295 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
|
| | #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU / alleged Federal Police / Trojan

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #26 |
| GVU / alleged Federal Police / Trojan

Hey, okay, that sounds good so far, here are the two full scans:

Malwarebytes: Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Home :: HOME-PC [Administrator]

Schutz: Aktiviert

17.07.2012 11:08:22
mbam-log-2012-07-17 (11-08-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 624235
Laufzeit: 2 Stunde(n), 19 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/16/2012 at 10:42 PM
Application Version : 5.5.1006
Core Rules Database Version : 8907
Trace Rules Database Version: 6719
Scan type : Complete Scan
Total Scan Time : 02:13:07
Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator
Memory items scanned : 857
Memory threats detected : 0
Registry items scanned : 69386
Registry threats detected : 0
File items scanned : 141311
File threats detected : 459
Adware.Tracking Cookie
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tto2.traffictrack.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
forum.elitekingdoms.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
forum.elitekingdoms.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ads.saymedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.saymedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.saymedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tracker.vinsight.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tracking.mindshare.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
partners.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
stats.gluxx.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aelienajokq.stats.esomniture.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
stats.bmw.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
stats.computecmedia.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
stats.bmw.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wnliagd5mkq.stats.esomniture.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
tomtailor.dyntracker.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
beacons.hottraffic.nl [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-Skelten[Ex]
C:\SERVER\EATHENA\TOOLS\DIFF PATCHER\K3DTDIFFPATCHER_BETA.EXE
Heur.Agent/Gen-WhiteBox
C:\SPIELE\TOM CLANCYS RAINBOW SIX_DOWNLOADER.EXE
Trojan.Agent/Gen-Sisproc
C:\WINDOWS\IFINST27.EXE
|
| | #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU / alleged Federal Police / Trojan Code:
Trojan.Agent/Gen-Skelten[Ex]
C:\SERVER\EATHENA\TOOLS\DIFF PATCHER\K3DTDIFFPATCHER_BETA.EXE
Heur.Agent/Gen-WhiteBox
C:\SPIELE\TOM CLANCYS RAINBOW SIX_DOWNLOADER.EXE
Trojan.Agent/Gen-Sisproc
C:\WINDOWS\IFINST27.EXE
__________________ Please always post log files in CODE tags |
| | #28 |
| GVU / alleged Federal Police / Trojan Hey, so the Diff Patcher and the game, yes, i.e. the first two, but I have never seen the last one, no idea what that is. ^o^ Regards, Christian |
| | #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU / alleged Federal Police / Trojan Can you pack all three files together into one zip file and upload it to us? => http://www.trojaner-board.de/54791-a...ner-board.html
__________________ Please always post log files in CODE tags |
| | #30 |
| GVU / alleged Federal Police / Trojan Hey, yes, I uploaded all 3 files as a .rar file, hope that works. Regards, Christian |