Bundespolzei Trojaner

cosinus · 10.09.2012, 14:03

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Charlene · 10.09.2012, 20:43

okay. Das hier ist das Log-File:

Code:

ATTFilter

OTL logfile created on: 10.09.2012 20:37:00 - Run 4
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 67,07% Memory free
7,59 Gb Paging File | 5,55 Gb Available in Paging File | 73,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 11,09 Gb Free Space | 9,53% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 42,60 Gb Free Space | 12,92% Space Free | Partition Type: NTFS
Drive E: | 5,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 465,76 Gb Total Space | 90,08 Gb Free Space | 19,34% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 189,23 Gb Free Space | 20,31% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.10 20:35:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2012.08.27 08:06:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PRC - [2012.04.24 12:53:32 | 000,215,688 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
PRC - [2012.04.24 12:53:26 | 001,197,704 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
PRC - [2012.03.26 23:45:22 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012.03.26 23:45:18 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.06 11:14:06 | 000,277,344 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
PRC - [2012.02.06 11:13:48 | 000,558,944 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
PRC - [2012.02.02 14:08:46 | 001,453,704 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
PRC - [2012.01.23 13:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe
PRC - [2011.06.28 22:53:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.28 08:34:02 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.03 08:45:14 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.15 14:34:36 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.02.22 16:17:50 | 001,226,024 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.01.13 18:19:42 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.01.13 18:11:52 | 007,109,248 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.01.05 22:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.16 02:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.08.12 21:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009.07.31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.02 15:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.26 03:24:03 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012.08.26 03:24:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.08.26 03:23:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.08.26 03:23:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.08.26 03:23:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.08.26 03:23:36 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.08.26 03:23:29 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.08.23 20:27:03 | 000,541,696 | ---- | M] () -- C:\Users\XXX\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
MOD - [2012.05.01 15:54:22 | 002,020,416 | ---- | M] () -- C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll
MOD - [2012.04.24 12:53:54 | 000,549,512 | ---- | M] () -- C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll
MOD - [2012.02.06 11:14:06 | 000,277,344 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
MOD - [2012.02.06 11:13:48 | 000,558,944 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.12.08 21:06:24 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009.09.16 02:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2008.02.07 11:05:18 | 000,163,840 | ---- | M] () -- C:\Windows\SysWOW64\hppatusg01.dll
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.02 15:52:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPUsageTracking.dll
MOD - [2007.11.02 15:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe
MOD - [2007.11.02 15:52:38 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPToolkit.dll
MOD - [2007.11.02 15:52:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\Enumeration.dll
MOD - [2007.11.02 15:52:22 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPTools.dll
MOD - [2007.11.02 15:52:16 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPStreamsInterface.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2010.03.05 19:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010.03.05 19:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010.03.05 19:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009.09.17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.08.06 23:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.09.08 09:13:16 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.08 09:09:13 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.15 23:38:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.24 12:53:32 | 000,215,688 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2012.03.27 00:45:44 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.03.27 00:38:46 | 000,542,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.03.26 23:45:22 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.03.26 23:45:18 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012.01.23 13:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2011.06.28 22:53:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.28 08:34:02 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.09.02 08:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.06.28 22:53:03 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 22:53:03 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.05 07:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 07:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.04.16 20:45:50 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010.03.18 07:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010.02.27 01:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.03 15:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.12.17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.04 07:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.08.20 20:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.08.06 23:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.21 03:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008.12.08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1764841805-649058455-644050874-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1764841805-649058455-644050874-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-1764841805-649058455-644050874-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1764841805-649058455-644050874-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1764841805-649058455-644050874-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1764841805-649058455-644050874-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1764841805-649058455-644050874-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1764841805-649058455-644050874-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1764841805-649058455-644050874-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 09:13:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 09:13:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 09:13:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 09:13:13 | 000,000,000 | ---D | M]
 
[2010.10.29 18:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2012.09.09 21:03:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\rl45wb5x.default\extensions
[2012.08.30 21:58:11 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\rl45wb5x.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.09.09 21:03:52 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\rl45wb5x.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012.07.27 00:07:25 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\rl45wb5x.default\extensions\stealthyextension@gmail.com.xpi
[2012.08.29 21:58:16 | 003,258,540 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\rl45wb5x.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi
[2012.09.08 09:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.08 09:13:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.08 09:13:11 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files (x86)\mozilla firefox\extensions\ocr@babylon.com
[2012.09.08 09:13:16 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.22 09:41:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 19:15:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.22 09:41:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.22 09:41:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.22 09:41:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.22 09:41:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (My Personal Homepage) - {0538CF1C-8419-4800-ADBB-0C00C799FDA2} - C:\Users\XXX\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rl45wb5x.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.dll File not found
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rl45wb5x.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.dll File not found
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1764841805-649058455-644050874-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1764841805-649058455-644050874-1000..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-1764841805-649058455-644050874-1001..\Run: [GenieoSystemTray] C:\Users\XXX\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe ()
O4 - HKU\S-1-5-21-1764841805-649058455-644050874-1001..\Run: [GenieoUpdaterService] C:\Users\XXX\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe ()
O4 - HKU\S-1-5-21-1764841805-649058455-644050874-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1764841805-649058455-644050874-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1764841805-649058455-644050874-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O7 - HKU\S-1-5-21-1764841805-649058455-644050874-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Java Plug-in 1.7.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Java Plug-in 1.7.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F4AA978-173C-429A-A3E3-4BA569375A93}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.02.04 11:33:12 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2006.02.04 11:33:04 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006.01.31 04:56:47 | 000,942,080 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2006.02.04 12:03:19 | 000,000,161 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.12.14 11:00:22 | 000,008,192 | ---- | M] (Microsoft) - I:\AutoOff.exe -- [ NTFS ]
O32 - Unable to obtain root file information for disk I:\
O33 - MountPoints2\{ac64562a-c0c4-11df-a5de-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ac64562a-c0c4-11df-a5de-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006.02.04 11:33:04 | 000,724,992 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.10 20:35:11 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.09.09 15:53:55 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edain Mod
[2012.09.09 13:51:30 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Die Schlacht um Mittelerde™ II Vista Patch
[2012.09.09 13:41:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Die Schlacht um Beleriand II
[2012.09.09 13:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Schlacht um Beleriand II
[2012.09.09 13:40:30 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2012.09.09 13:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012.09.09 13:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012.09.09 13:20:18 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\EM 6.1 Fix-Version
[2012.09.09 13:19:59 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elvenstar Mod
[2012.09.09 13:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elvenstar Mod
[2012.09.09 13:09:53 | 017,239,542 | ---- | C] (Elvenstar Team                                              ) -- C:\Users\XXX\Desktop\ElvenstarMod5.7.exe
[2012.09.09 11:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.09.08 19:31:00 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\ini
[2012.09.08 18:42:45 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\My Battle for Middle-earth Files
[2012.09.08 09:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.02 10:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.30 21:24:59 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2012.08.30 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.08.30 21:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2012.08.30 21:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2012.08.27 08:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.25 14:04:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Google
[2012.08.25 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Decrypt Output
[2012.08.25 02:21:33 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.08.24 21:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.08.24 21:07:12 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Anti-Malware
[2012.08.24 20:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.08.24 19:44:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.08.24 19:41:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.08.23 07:51:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.22 07:54:31 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2012.08.22 07:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.22 07:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.22 07:54:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.22 07:54:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.17 18:46:51 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Anvsoft
[2012.08.13 19:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.08.13 19:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.08.13 19:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.08.13 19:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.08.13 19:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2008.08.12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.10 20:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.10 20:35:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.09.10 20:08:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.10 20:08:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.10 19:23:29 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 19:23:29 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 19:14:56 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.09.10 19:14:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.10 19:14:29 | 3055,706,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.09 15:53:56 | 000,000,345 | ---- | M] () -- C:\Users\XXX\Desktop\Edain Mod Switcher.lnk
[2012.09.09 13:45:07 | 000,000,305 | ---- | M] () -- C:\Users\XXX\Desktop\The Battle for Numenor.lnk
[2012.09.09 13:41:16 | 000,002,321 | ---- | M] () -- C:\Users\XXX\Desktop\Die Schlacht um Beleriand II starten.lnk
[2012.09.09 13:38:28 | 000,002,293 | ---- | M] () -- C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk
[2012.09.09 13:20:08 | 000,001,294 | ---- | M] () -- C:\Users\XXX\Desktop\ElvenstarMod 6.0.lnk
[2012.09.09 13:10:31 | 000,002,236 | ---- | M] () -- C:\Users\XXX\Desktop\Elvenstar Mod 5.7.lnk
[2012.09.07 08:17:35 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.07 08:17:35 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.07 08:17:35 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.07 08:17:35 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.07 08:17:35 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.05 21:36:30 | 000,511,265 | ---- | M] () -- C:\Users\XXX\Desktop\adwcleaner.exe
[2012.09.03 08:31:50 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 21:19:30 | 000,002,234 | ---- | M] () -- C:\Users\Public\Desktop\Die Schlacht um Mittelerde(tm).lnk
[2012.08.26 03:20:46 | 000,002,406 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.08.25 03:21:49 | 000,002,025 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.08.25 03:20:04 | 000,489,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.22 07:54:05 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.16 03:27:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat
[2012.08.13 19:54:10 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.13 19:48:16 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.08.11 21:42:01 | 564,213,232 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2012.09.09 15:53:56 | 000,000,345 | ---- | C] () -- C:\Users\XXX\Desktop\Edain Mod Switcher.lnk
[2012.09.09 13:45:07 | 000,000,305 | ---- | C] () -- C:\Users\XXX\Desktop\The Battle for Numenor.lnk
[2012.09.09 13:41:16 | 000,002,321 | ---- | C] () -- C:\Users\XXX\Desktop\Die Schlacht um Beleriand II starten.lnk
[2012.09.09 13:38:28 | 000,002,293 | ---- | C] () -- C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk
[2012.09.09 13:20:00 | 000,001,294 | ---- | C] () -- C:\Users\XXX\Desktop\ElvenstarMod 6.0.lnk
[2012.09.09 13:10:31 | 000,002,236 | ---- | C] () -- C:\Users\XXX\Desktop\Elvenstar Mod 5.7.lnk
[2012.09.08 18:41:45 | 000,640,335 | ---- | C] (                                                            ) -- C:\Users\XXX\Desktop\Carn Dûm (MP for fast comps).exe
[2012.09.03 08:28:38 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 21:19:30 | 000,002,234 | ---- | C] () -- C:\Users\Public\Desktop\Die Schlacht um Mittelerde(tm).lnk
[2012.08.24 07:22:49 | 000,511,265 | ---- | C] () -- C:\Users\XXX\Desktop\adwcleaner.exe
[2012.08.22 07:54:05 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.16 03:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012.08.13 19:54:10 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.13 19:48:16 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.08.06 12:58:10 | 000,065,853 | ---- | C] () -- C:\Users\XXX\ESt2011_Seipp_XXX.elfo
[2011.09.19 08:53:03 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.09.19 08:50:07 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.08.25 21:10:31 | 000,066,861 | ---- | C] () -- C:\Users\XXX\ESt2010_Seipp_XXX_Jörg.elfo
[2011.07.19 08:52:06 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\winscp.rnd
[2011.03.19 18:37:35 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.11 13:05:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.07 20:45:01 | 000,160,936 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.10.30 20:44:53 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.30 20:44:53 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT
[2010.10.29 19:44:05 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2010.10.29 19:43:55 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.10.29 19:43:53 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010.10.29 19:43:53 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.10.29 19:43:53 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.10.29 19:43:53 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.09.15 14:29:47 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.09.15 14:04:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.04.08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2011.12.29 14:28:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Amazon
[2012.08.06 06:02:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AnvsoftPdfTools
[2010.10.29 22:10:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Asus WebStorage
[2010.12.25 21:21:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Big Fish Games
[2012.08.11 10:46:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\BSW
[2012.08.24 22:52:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\calibre
[2012.02.18 16:36:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft
[2012.02.18 16:35:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.06 12:43:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\elsterformular
[2012.05.01 15:54:23 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Fighters
[2012.07.02 08:24:55 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FireShot
[2011.09.20 06:31:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Genieo
[2011.09.18 14:01:47 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\JAM Software
[2011.11.05 09:32:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech
[2012.09.02 14:34:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2012.09.09 14:21:47 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2012.09.08 18:42:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\My Battle for Middle-earth Files
[2012.05.03 20:52:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sports Interactive
[2012.08.05 10:48:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Vyry
[2012.08.04 18:29:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Yqxoho
[2011.12.15 09:27:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.08.05 14:19:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Adobe
[2011.12.29 14:28:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Amazon
[2012.08.06 06:02:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AnvsoftPdfTools
[2012.05.01 14:44:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Apple Computer
[2010.10.29 22:10:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Asus WebStorage
[2010.12.28 20:45:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Avira
[2010.12.25 21:21:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Big Fish Games
[2010.11.17 21:15:43 | 000,000,000 | R--D | M] -- C:\Users\XXX\AppData\Roaming\Brother
[2012.08.11 10:46:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\BSW
[2012.08.24 22:52:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\calibre
[2010.12.21 22:27:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CyberLink
[2012.02.18 16:36:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft
[2012.02.18 16:35:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.06 12:43:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\elsterformular
[2012.05.01 15:54:23 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Fighters
[2012.07.02 08:24:55 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FireShot
[2011.09.20 06:31:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Genieo
[2012.08.25 14:04:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Google
[2010.12.08 21:04:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Hewlett-Packard
[2010.12.08 21:04:32 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\HP
[2010.10.29 18:31:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Identities
[2010.10.29 18:31:55 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Intel
[2011.09.18 14:01:47 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\JAM Software
[2011.11.05 09:32:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech
[2011.11.05 09:30:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Logishrd
[2011.11.05 09:33:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Logitech
[2010.10.29 18:33:22 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Macromedia
[2012.08.22 07:54:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Media Center Programs
[2010.11.27 15:56:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Media Player Classic
[2012.09.02 14:34:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2012.09.09 14:21:47 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2012.06.23 08:48:58 | 000,000,000 | --SD | M] -- C:\Users\XXX\AppData\Roaming\Microsoft
[2010.10.29 18:36:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla
[2012.09.08 18:42:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\My Battle for Middle-earth Files
[2010.10.30 18:50:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Nero
[2012.08.30 07:40:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Skype
[2011.11.13 13:21:02 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\skypePM
[2012.05.03 20:52:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sports Interactive
[2012.05.05 13:32:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\vlc
[2012.08.05 10:48:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Vyry
[2010.10.29 19:18:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WinRAR
[2012.08.04 18:29:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Yqxoho
 
< %APPDATA%\*.exe /s >
[2012.08.06 12:36:08 | 021,877,160 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\XXX\AppData\Roaming\elsterformular\update\ElsterFormular_update-12_3_2_6814p.exe
[2012.02.06 11:12:06 | 000,028,000 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Engine\bin\debugInfoCollector.exe
[2012.02.06 11:12:02 | 000,048,992 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Engine\bin\genieo.exe
[2012.02.06 11:12:04 | 000,045,920 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Engine\bin\genieo_console.exe
[2012.02.06 11:11:10 | 000,046,944 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Engine\lib\genieutils.exe
[2011.09.19 10:00:34 | 000,082,229 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Partner\avg2\bin\license.exe
[2011.09.19 10:00:36 | 000,051,792 | ---- | M] (Genieo Innovation LTD) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Partner\uninstall\avg2\partner_uninstall.exe
[2012.02.06 11:13:48 | 000,558,944 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
[2012.02.07 07:37:14 | 000,038,058 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\uninstall\chrome_ext_uninstall.exe
[2012.02.07 07:37:14 | 000,036,091 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\uninstall\ff_ext_uninstall.exe
[2012.09.10 20:45:35 | 000,033,397 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Genieo\Application\uninstall\firsttime_uninstall.exe
[2012.02.07 07:38:00 | 000,034,521 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\uninstall\framework_uninstall.exe
[2012.02.07 07:37:09 | 000,034,439 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\uninstall\ieplugins_uninstall.exe
[2012.02.07 07:37:14 | 000,038,028 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\uninstall\opera_ext_uninstall.exe
[2011.09.20 06:32:19 | 000,033,568 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Genieo\Application\uninstall\prepenv_uninstall.exe
[2012.02.07 07:37:12 | 000,034,453 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\uninstall\trayapp_uninstall.exe
[2012.02.06 11:14:08 | 000,045,728 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Updater\bin\firsttime_setup.exe
[2012.02.06 11:14:06 | 000,277,344 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
[2011.08.31 19:21:04 | 000,710,360 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Updater\genieo_temp\genieo_setup.exe
[2011.08.31 19:21:02 | 000,468,792 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Updater\genieo_temp\InstallAVGHomepage.exe
[2012.02.07 07:36:52 | 000,073,283 | ---- | M] (Genieo Innovation Ltd.) -- C:\Users\XXX\AppData\Roaming\Genieo\Application\Updater\uninstall\updater_uninstall.exe
[2011.11.05 09:32:15 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.08.30 21:14:10 | 000,060,824 | ---- | M] (getfireshot.com) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rl45wb5x.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\crashreporter.exe
[2012.08.30 21:14:08 | 000,145,816 | ---- | M] (getfireshot.com) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rl45wb5x.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe
[2012.08.30 21:13:42 | 000,074,648 | ---- | M] (getfireshot.com) -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rl45wb5x.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe
 
< %SYSTEMDRIVE%\*.exe >
[2012.07.25 20:39:46 | 003,360,256 | ---- | M] (© by Turin Turumbar Productions) -- C:\edainmodstarter.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.12.17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\eSupport\eDriver\Software\IRST\64\IASTOR.SYS
[2009.12.17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.12.17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_f26ae7769ab43067\iaStor.sys
[2009.12.17 04:25:25 | 000,433,176 | ---- | M] (Intel Corporation) MD5=8CDACD4AD63D49834C6B59DB102E7CD7 -- C:\eSupport\eDriver\Software\IRST\32\IASTOR.SYS
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.09.15 14:04:24 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.09.15 14:04:24 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus · 10.09.2012, 22:03

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
FF - user.js - File not found
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.useDBForOrder: ""
O4 - HKU\S-1-5-21-1764841805-649058455-644050874-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O7 - HKU\S-1-5-21-1764841805-649058455-644050874-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.02.04 11:33:12 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2006.02.04 11:33:04 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006.01.31 04:56:47 | 000,942,080 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2006.02.04 12:03:19 | 000,000,161 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.12.14 11:00:22 | 000,008,192 | ---- | M] (Microsoft) - I:\AutoOff.exe -- [ NTFS ]
O32 - Unable to obtain root file information for disk I:\
O33 - MountPoints2\{ac64562a-c0c4-11df-a5de-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ac64562a-c0c4-11df-a5de-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006.02.04 11:33:04 | 000,724,992 | R--- | M] (Electronic Arts Inc.)
:Files
C:\Users\XXX\AppData\Roaming\Yqxoho
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Charlene · 11.09.2012, 06:03

hier das Log-File dazu:

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.useDBForOrder
Registry value HKEY_USERS\S-1-5-21-1764841805-649058455-644050874-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1764841805-649058455-644050874-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
I:\AutoOff.exe moved successfully.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac64562a-c0c4-11df-a5de-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac64562a-c0c4-11df-a5de-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac64562a-c0c4-11df-a5de-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac64562a-c0c4-11df-a5de-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Users\XXX\AppData\Roaming\Yqxoho folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\XXX\Desktop\cmd.bat deleted successfully.
C:\Users\XXX\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: XXX
->Temp folder emptied: 1618838505 bytes
->Temporary Internet Files folder emptied: 51687264 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 672857036 bytes
->Flash cache emptied: 11493 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 371834 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.235,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09112012_065022

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
C:\Users\XXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 11.09.2012, 15:56

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Charlene · 11.09.2012, 20:02

so geschehen. Es wurden zwei threats gemeldet die ich mit skip behandelt habe. Hier das Log-File:

Code:

ATTFilter

20:56:45.0297 7276  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:56:47.0300 7276  ============================================================
20:56:47.0300 7276  Current date / time: 2012/09/11 20:56:47.0300
20:56:47.0300 7276  SystemInfo:
20:56:47.0300 7276  
20:56:47.0300 7276  OS Version: 6.1.7601 ServicePack: 1.0
20:56:47.0300 7276  Product type: Workstation
20:56:47.0300 7276  ComputerName: XXX-PC
20:56:47.0301 7276  UserName: XXX
20:56:47.0301 7276  Windows directory: C:\Windows
20:56:47.0301 7276  System windows directory: C:\Windows
20:56:47.0301 7276  Running under WOW64
20:56:47.0301 7276  Processor architecture: Intel x64
20:56:47.0301 7276  Number of processors: 4
20:56:47.0301 7276  Page size: 0x1000
20:56:47.0301 7276  Boot type: Normal boot
20:56:47.0301 7276  ============================================================
20:56:47.0948 7276  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:56:47.0955 7276  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:56:48.0298 7276  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:56:48.0303 7276  ============================================================
20:56:48.0303 7276  \Device\Harddisk0\DR0:
20:56:48.0303 7276  MBR partitions:
20:56:48.0303 7276  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0xE8E0168
20:56:48.0326 7276  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF2000, BlocksNum 0x29393800
20:56:48.0326 7276  \Device\Harddisk1\DR1:
20:56:48.0426 7276  MBR partitions:
20:56:48.0426 7276  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:56:48.0426 7276  \Device\Harddisk2\DR2:
20:56:48.0427 7276  MBR partitions:
20:56:48.0427 7276  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:56:48.0427 7276  ============================================================
20:56:48.0467 7276  C: <-> \Device\Harddisk0\DR0\Partition1
20:56:48.0497 7276  D: <-> \Device\Harddisk0\DR0\Partition2
20:56:48.0543 7276  G: <-> \Device\Harddisk1\DR1\Partition1
20:56:48.0881 7276  I: <-> \Device\Harddisk2\DR2\Partition1
20:56:48.0881 7276  ============================================================
20:56:48.0881 7276  Initialize success
20:56:48.0881 7276  ============================================================
20:58:26.0731 7228  ============================================================
20:58:26.0731 7228  Scan started
20:58:26.0731 7228  Mode: Manual; SigCheck; TDLFS; 
20:58:26.0731 7228  ============================================================
20:58:29.0568 7228  ================ Scan system memory ========================
20:58:29.0568 7228  System memory - ok
20:58:29.0569 7228  ================ Scan services =============================
20:58:29.0763 7228  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:58:29.0865 7228  1394ohci - ok
20:58:29.0902 7228  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:58:29.0925 7228  ACPI - ok
20:58:29.0956 7228  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:58:30.0008 7228  AcpiPmi - ok
20:58:30.0181 7228  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:58:30.0204 7228  AdobeFlashPlayerUpdateSvc - ok
20:58:30.0277 7228  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:58:30.0307 7228  adp94xx - ok
20:58:30.0349 7228  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:58:30.0376 7228  adpahci - ok
20:58:30.0413 7228  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:58:30.0439 7228  adpu320 - ok
20:58:30.0483 7228  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:58:30.0560 7228  AeLookupSvc - ok
20:58:30.0590 7228  [ FB2BE0BAE9B3F248080CDBF91EF16C7F ] AFBAgent        C:\Windows\system32\FBAgent.exe
20:58:30.0621 7228  AFBAgent - ok
20:58:30.0678 7228  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:58:30.0727 7228  AFD - ok
20:58:30.0773 7228  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:58:30.0792 7228  agp440 - ok
20:58:30.0825 7228  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:58:30.0861 7228  ALG - ok
20:58:30.0892 7228  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:58:30.0907 7228  aliide - ok
20:58:30.0919 7228  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:58:30.0932 7228  amdide - ok
20:58:30.0969 7228  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:58:31.0003 7228  AmdK8 - ok
20:58:31.0017 7228  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:58:31.0051 7228  AmdPPM - ok
20:58:31.0082 7228  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:58:31.0097 7228  amdsata - ok
20:58:31.0133 7228  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:58:31.0151 7228  amdsbs - ok
20:58:31.0164 7228  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:58:31.0177 7228  amdxata - ok
20:58:31.0218 7228  [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
20:58:31.0255 7228  AmUStor - ok
20:58:31.0373 7228  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:58:31.0390 7228  AntiVirSchedulerService - ok
20:58:31.0435 7228  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:58:31.0447 7228  AntiVirService - ok
20:58:31.0505 7228  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:58:31.0577 7228  AppID - ok
20:58:31.0615 7228  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:58:31.0693 7228  AppIDSvc - ok
20:58:31.0756 7228  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:58:31.0816 7228  Appinfo - ok
20:58:31.0939 7228  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:58:31.0956 7228  Apple Mobile Device - ok
20:58:31.0989 7228  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:58:32.0010 7228  arc - ok
20:58:32.0026 7228  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:58:32.0040 7228  arcsas - ok
20:58:32.0100 7228  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
20:58:32.0119 7228  ASLDRService - ok
20:58:32.0134 7228  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
20:58:32.0145 7228  ASMMAP64 - ok
20:58:32.0178 7228  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:58:32.0263 7228  AsyncMac - ok
20:58:32.0325 7228  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:58:32.0346 7228  atapi - ok
20:58:32.0401 7228  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:58:32.0497 7228  athr - ok
20:58:32.0527 7228  [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
20:58:32.0539 7228  ATKGFNEXSrv - ok
20:58:32.0600 7228  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:58:32.0678 7228  AudioEndpointBuilder - ok
20:58:32.0689 7228  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:58:32.0729 7228  AudioSrv - ok
20:58:32.0780 7228  [ B1224E6B086CD6548315B04AB575A23E ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:58:32.0793 7228  avgntflt - ok
20:58:32.0826 7228  [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:58:32.0841 7228  avipbb - ok
20:58:32.0898 7228  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:58:32.0948 7228  AxInstSV - ok
20:58:33.0016 7228  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:58:33.0060 7228  b06bdrv - ok
20:58:33.0097 7228  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:58:33.0137 7228  b57nd60a - ok
20:58:33.0203 7228  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:58:33.0242 7228  BDESVC - ok
20:58:33.0272 7228  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:58:33.0340 7228  Beep - ok
20:58:33.0434 7228  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:58:33.0528 7228  BFE - ok
20:58:33.0564 7228  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:58:33.0647 7228  BITS - ok
20:58:33.0681 7228  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:58:33.0726 7228  blbdrive - ok
20:58:33.0817 7228  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:58:33.0844 7228  Bonjour Service - ok
20:58:33.0877 7228  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:58:33.0900 7228  bowser - ok
20:58:33.0934 7228  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:58:33.0971 7228  BrFiltLo - ok
20:58:33.0989 7228  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:58:34.0015 7228  BrFiltUp - ok
20:58:34.0053 7228  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:58:34.0082 7228  Browser - ok
20:58:34.0109 7228  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:58:34.0150 7228  Brserid - ok
20:58:34.0170 7228  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:58:34.0192 7228  BrSerWdm - ok
20:58:34.0212 7228  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:58:34.0241 7228  BrUsbMdm - ok
20:58:34.0254 7228  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:58:34.0273 7228  BrUsbSer - ok
20:58:34.0294 7228  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:58:34.0317 7228  BTHMODEM - ok
20:58:34.0367 7228  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:58:34.0428 7228  bthserv - ok
20:58:34.0460 7228  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:58:34.0497 7228  cdfs - ok
20:58:34.0542 7228  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
20:58:34.0579 7228  cdrom - ok
20:58:34.0636 7228  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:58:34.0708 7228  CertPropSvc - ok
20:58:34.0740 7228  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:58:34.0756 7228  circlass - ok
20:58:34.0802 7228  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:58:34.0832 7228  CLFS - ok
20:58:34.0907 7228  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:58:34.0923 7228  clr_optimization_v2.0.50727_32 - ok
20:58:34.0966 7228  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:58:34.0978 7228  clr_optimization_v2.0.50727_64 - ok
20:58:35.0038 7228  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:58:35.0071 7228  clr_optimization_v4.0.30319_32 - ok
20:58:35.0113 7228  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:58:35.0130 7228  clr_optimization_v4.0.30319_64 - ok
20:58:35.0160 7228  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:58:35.0195 7228  CmBatt - ok
20:58:35.0225 7228  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:58:35.0242 7228  cmdide - ok
20:58:35.0302 7228  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:58:35.0365 7228  CNG - ok
20:58:35.0409 7228  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:58:35.0430 7228  Compbatt - ok
20:58:35.0465 7228  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:58:35.0526 7228  CompositeBus - ok
20:58:35.0537 7228  COMSysApp - ok
20:58:35.0548 7228  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:58:35.0559 7228  crcdisk - ok
20:58:35.0607 7228  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:58:35.0621 7228  CryptSvc - ok
20:58:35.0672 7228  [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
20:58:35.0704 7228  dc3d - ok
20:58:35.0756 7228  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:58:35.0831 7228  DcomLaunch - ok
20:58:35.0861 7228  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:58:35.0915 7228  defragsvc - ok
20:58:35.0954 7228  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:58:36.0039 7228  DfsC - ok
20:58:36.0071 7228  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:58:36.0129 7228  Dhcp - ok
20:58:36.0153 7228  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:58:36.0205 7228  discache - ok
20:58:36.0233 7228  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:58:36.0245 7228  Disk - ok
20:58:36.0274 7228  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:58:36.0300 7228  Dnscache - ok
20:58:36.0334 7228  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:58:36.0404 7228  dot3svc - ok
20:58:36.0441 7228  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:58:36.0492 7228  DPS - ok
20:58:36.0526 7228  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:58:36.0553 7228  drmkaud - ok
20:58:36.0619 7228  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:58:36.0692 7228  DXGKrnl - ok
20:58:36.0723 7228  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:58:36.0765 7228  EapHost - ok
20:58:36.0863 7228  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:58:36.0994 7228  ebdrv - ok
20:58:37.0024 7228  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:58:37.0045 7228  EFS - ok
20:58:37.0120 7228  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:58:37.0180 7228  ehRecvr - ok
20:58:37.0218 7228  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:58:37.0254 7228  ehSched - ok
20:58:37.0304 7228  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:58:37.0338 7228  elxstor - ok
20:58:37.0380 7228  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:58:37.0407 7228  ErrDev - ok
20:58:37.0432 7228  [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
20:58:37.0458 7228  ETD - ok
20:58:37.0497 7228  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:58:37.0572 7228  EventSystem - ok
20:58:37.0684 7228  [ B56D9602DB5FE1C116B1CA5EFD8E2E50 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:58:37.0748 7228  EvtEng - ok
20:58:37.0773 7228  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:58:37.0823 7228  exfat - ok
20:58:37.0855 7228  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:58:37.0912 7228  fastfat - ok
20:58:37.0974 7228  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:58:38.0041 7228  Fax - ok
20:58:38.0066 7228  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:58:38.0108 7228  fdc - ok
20:58:38.0140 7228  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:58:38.0198 7228  fdPHost - ok
20:58:38.0208 7228  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:58:38.0247 7228  FDResPub - ok
20:58:38.0278 7228  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:58:38.0309 7228  FileInfo - ok
20:58:38.0309 7228  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:58:38.0372 7228  Filetrace - ok
20:58:38.0372 7228  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:58:38.0403 7228  flpydisk - ok
20:58:38.0434 7228  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:58:38.0460 7228  FltMgr - ok
20:58:38.0492 7228  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:58:38.0574 7228  FontCache - ok
20:58:38.0622 7228  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:58:38.0637 7228  FontCache3.0.0.0 - ok
20:58:38.0655 7228  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:58:38.0671 7228  FsDepends - ok
20:58:38.0723 7228  [ 5814011B2F6E088E29D689B5FCD49B8F ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
20:58:38.0733 7228  fssfltr - ok
20:58:38.0816 7228  [ F6717211C1EC2CDDAA81B97B0727C2E9 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:58:38.0851 7228  fsssvc - ok
20:58:38.0883 7228  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:58:38.0904 7228  Fs_Rec - ok
20:58:38.0950 7228  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:58:38.0982 7228  fvevol - ok
20:58:39.0012 7228  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:58:39.0025 7228  gagp30kx - ok
20:58:39.0077 7228  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:58:39.0087 7228  GEARAspiWDM - ok
20:58:39.0138 7228  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:58:39.0218 7228  gpsvc - ok
20:58:39.0311 7228  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:58:39.0329 7228  gupdate - ok
20:58:39.0377 7228  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:58:39.0393 7228  gupdatem - ok
20:58:39.0427 7228  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:58:39.0456 7228  hcw85cir - ok
20:58:39.0514 7228  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:58:39.0558 7228  HdAudAddService - ok
20:58:39.0585 7228  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:58:39.0626 7228  HDAudBus - ok
20:58:39.0671 7228  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
20:58:39.0684 7228  HECIx64 - ok
20:58:39.0698 7228  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:58:39.0724 7228  HidBatt - ok
20:58:39.0735 7228  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:58:39.0762 7228  HidBth - ok
20:58:39.0795 7228  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:58:39.0825 7228  HidIr - ok
20:58:39.0847 7228  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:58:39.0916 7228  hidserv - ok
20:58:39.0963 7228  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
20:58:39.0985 7228  HidUsb - ok
20:58:40.0022 7228  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:58:40.0116 7228  hkmsvc - ok
20:58:40.0154 7228  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:58:40.0180 7228  HomeGroupListener - ok
20:58:40.0215 7228  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:58:40.0242 7228  HomeGroupProvider - ok
20:58:40.0295 7228  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:58:40.0317 7228  HpSAMD - ok
20:58:40.0405 7228  [ 575546EE9A39DD5CB3B4E34A146A8A3E ] hshld           C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
20:58:40.0437 7228  hshld - ok
20:58:40.0497 7228  [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv          C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
20:58:40.0524 7228  HssSrv - ok
20:58:40.0565 7228  [ 4EFB7FC2A11DB10AB6205206D60C432B ] HssTrayService  C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
20:58:40.0583 7228  HssTrayService - ok
20:58:40.0603 7228  HssWd - ok
20:58:40.0665 7228  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:58:40.0765 7228  HTTP - ok
20:58:40.0795 7228  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:58:40.0815 7228  hwpolicy - ok
20:58:40.0866 7228  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:58:40.0891 7228  i8042prt - ok
20:58:40.0955 7228  [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:58:40.0985 7228  iaStor - ok
20:58:41.0029 7228  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:58:41.0050 7228  iaStorV - ok
20:58:41.0125 7228  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:58:41.0180 7228  idsvc - ok
20:58:41.0422 7228  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:58:41.0750 7228  igfx - ok
20:58:41.0796 7228  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:58:41.0820 7228  iirsp - ok
20:58:41.0862 7228  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:58:41.0935 7228  IKEEXT - ok
20:58:41.0970 7228  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
20:58:41.0997 7228  Impcd - ok
20:58:42.0076 7228  [ 53019327813FF5AB2964B33B2C61307C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:58:42.0201 7228  IntcAzAudAddService - ok
20:58:42.0247 7228  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
20:58:42.0279 7228  IntcDAud - ok
20:58:42.0325 7228  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:58:42.0341 7228  intelide - ok
20:58:42.0388 7228  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:58:42.0419 7228  intelppm - ok
20:58:42.0435 7228  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:58:42.0513 7228  IPBusEnum - ok
20:58:42.0567 7228  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:58:42.0618 7228  IpFilterDriver - ok
20:58:42.0705 7228  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:58:42.0796 7228  iphlpsvc - ok
20:58:42.0828 7228  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:58:42.0861 7228  IPMIDRV - ok
20:58:42.0891 7228  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:58:42.0964 7228  IPNAT - ok
20:58:43.0046 7228  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:58:43.0100 7228  iPod Service - ok
20:58:43.0127 7228  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:58:43.0159 7228  IRENUM - ok
20:58:43.0196 7228  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:58:43.0217 7228  isapnp - ok
20:58:43.0256 7228  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:58:43.0287 7228  iScsiPrt - ok
20:58:43.0298 7228  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:58:43.0311 7228  kbdclass - ok
20:58:43.0323 7228  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:58:43.0344 7228  kbdhid - ok
20:58:43.0379 7228  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
20:58:43.0394 7228  kbfiltr - ok
20:58:43.0418 7228  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:58:43.0433 7228  KeyIso - ok
20:58:43.0461 7228  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:58:43.0473 7228  KSecDD - ok
20:58:43.0506 7228  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:58:43.0522 7228  KSecPkg - ok
20:58:43.0550 7228  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:58:43.0602 7228  ksthunk - ok
20:58:43.0637 7228  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:58:43.0689 7228  KtmRm - ok
20:58:43.0730 7228  [ B4A3A05B0F9C81D098B96AB6AA915042 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
20:58:43.0752 7228  L1C - ok
20:58:43.0807 7228  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:58:43.0874 7228  LanmanServer - ok
20:58:43.0919 7228  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:58:43.0991 7228  LanmanWorkstation - ok
20:58:44.0094 7228  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:58:44.0128 7228  LBTServ - ok
20:58:44.0168 7228  [ ED7EC050CD6C20E1A93A4DAFB7EFD14D ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
20:58:44.0179 7228  LEqdUsb - ok
20:58:44.0223 7228  [ 3267BC698E29474A8381E68904EB0390 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
20:58:44.0242 7228  LHidEqd - ok
20:58:44.0276 7228  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:58:44.0295 7228  LHidFilt - ok
20:58:44.0316 7228  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:58:44.0360 7228  lltdio - ok
20:58:44.0395 7228  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:58:44.0471 7228  lltdsvc - ok
20:58:44.0495 7228  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:58:44.0541 7228  lmhosts - ok
20:58:44.0657 7228  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:58:44.0702 7228  LMS ( UnsignedFile.Multi.Generic ) - warning
20:58:44.0702 7228  LMS - detected UnsignedFile.Multi.Generic (1)
20:58:44.0766 7228  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:58:44.0788 7228  LSI_FC - ok
20:58:44.0797 7228  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:58:44.0812 7228  LSI_SAS - ok
20:58:44.0826 7228  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:58:44.0838 7228  LSI_SAS2 - ok
20:58:44.0858 7228  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:58:44.0870 7228  LSI_SCSI - ok
20:58:44.0875 7228  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:58:44.0918 7228  luafv - ok
20:58:44.0953 7228  [ 085435AE1A124361304044029B5CC644 ] lullaby         C:\Windows\system32\DRIVERS\lullaby.sys
20:58:44.0963 7228  lullaby - ok
20:58:44.0988 7228  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:58:45.0023 7228  Mcx2Svc - ok
20:58:45.0039 7228  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:58:45.0051 7228  megasas - ok
20:58:45.0067 7228  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:58:45.0085 7228  MegaSR - ok
20:58:45.0159 7228  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:58:45.0198 7228  Microsoft Office Groove Audit Service - ok
20:58:45.0236 7228  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:58:45.0311 7228  MMCSS - ok
20:58:45.0336 7228  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:58:45.0380 7228  Modem - ok
20:58:45.0403 7228  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:58:45.0419 7228  monitor - ok
20:58:45.0443 7228  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
20:58:45.0455 7228  mouclass - ok
20:58:45.0479 7228  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:58:45.0500 7228  mouhid - ok
20:58:45.0538 7228  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:58:45.0562 7228  mountmgr - ok
20:58:45.0635 7228  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:58:45.0658 7228  MozillaMaintenance - ok
20:58:45.0697 7228  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:58:45.0723 7228  mpio - ok
20:58:45.0753 7228  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:58:45.0799 7228  mpsdrv - ok
20:58:45.0857 7228  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:58:45.0933 7228  MpsSvc - ok
20:58:45.0979 7228  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:58:46.0026 7228  MRxDAV - ok
20:58:46.0042 7228  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:58:46.0073 7228  mrxsmb - ok
20:58:46.0104 7228  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:58:46.0151 7228  mrxsmb10 - ok
20:58:46.0167 7228  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:58:46.0201 7228  mrxsmb20 - ok
20:58:46.0237 7228  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:58:46.0248 7228  msahci - ok
20:58:46.0264 7228  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:58:46.0277 7228  msdsm - ok
20:58:46.0286 7228  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:58:46.0322 7228  MSDTC - ok
20:58:46.0371 7228  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:58:46.0429 7228  Msfs - ok
20:58:46.0443 7228  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:58:46.0490 7228  mshidkmdf - ok
20:58:46.0521 7228  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:58:46.0532 7228  msisadrv - ok
20:58:46.0570 7228  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:58:46.0617 7228  MSiSCSI - ok
20:58:46.0621 7228  msiserver - ok
20:58:46.0652 7228  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:58:46.0696 7228  MSKSSRV - ok
20:58:46.0714 7228  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:58:46.0768 7228  MSPCLOCK - ok
20:58:46.0780 7228  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:58:46.0824 7228  MSPQM - ok
20:58:46.0870 7228  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:58:46.0903 7228  MsRPC - ok
20:58:46.0934 7228  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:58:46.0947 7228  mssmbios - ok
20:58:46.0971 7228  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:58:47.0026 7228  MSTEE - ok
20:58:47.0030 7228  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:58:47.0042 7228  MTConfig - ok
20:58:47.0081 7228  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
20:58:47.0091 7228  MTsensor - ok
20:58:47.0108 7228  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:58:47.0121 7228  Mup - ok
20:58:47.0150 7228  [ A9BC2302FBDF52C8AF4E2FC966288D21 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:58:47.0168 7228  MyWiFiDHCPDNS - ok
20:58:47.0216 7228  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:58:47.0287 7228  napagent - ok
20:58:47.0332 7228  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:58:47.0369 7228  NativeWifiP - ok
20:58:47.0486 7228  [ 9AE6509862DE96416CA9AD54440A861B ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
20:58:47.0514 7228  NAUpdate - ok
20:58:47.0569 7228  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:58:47.0616 7228  NDIS - ok
20:58:47.0646 7228  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:58:47.0691 7228  NdisCap - ok
20:58:47.0720 7228  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:58:47.0766 7228  NdisTapi - ok
20:58:47.0814 7228  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:58:47.0886 7228  Ndisuio - ok
20:58:47.0927 7228  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:58:47.0991 7228  NdisWan - ok
20:58:48.0043 7228  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:58:48.0106 7228  NDProxy - ok
20:58:48.0153 7228  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:58:48.0227 7228  NetBIOS - ok
20:58:48.0264 7228  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:58:48.0337 7228  NetBT - ok
20:58:48.0359 7228  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:58:48.0370 7228  Netlogon - ok
20:58:48.0402 7228  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:58:48.0467 7228  Netman - ok
20:58:48.0494 7228  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:58:48.0552 7228  netprofm - ok
20:58:48.0582 7228  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:58:48.0593 7228  NetTcpPortSharing - ok
20:58:48.0785 7228  [ 24F64343F14A119308456E1CA7507B26 ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
20:58:49.0009 7228  NETw5s64 - ok
20:58:49.0051 7228  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:58:49.0073 7228  nfrd960 - ok
20:58:49.0127 7228  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:58:49.0210 7228  NlaSvc - ok
20:58:49.0226 7228  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:58:49.0265 7228  Npfs - ok
20:58:49.0279 7228  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:58:49.0324 7228  nsi - ok
20:58:49.0335 7228  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:58:49.0382 7228  nsiproxy - ok
20:58:49.0434 7228  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:58:49.0497 7228  Ntfs - ok
20:58:49.0529 7228  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:58:49.0574 7228  Null - ok
20:58:49.0824 7228  [ 70E89A21827B2669AF906B703C7C48B5 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:58:50.0262 7228  nvlddmkm - ok
20:58:50.0320 7228  [ 4B9C0C2BF78289513101EB0D44834701 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
20:58:50.0330 7228  nvpciflt - ok
20:58:50.0357 7228  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:58:50.0370 7228  nvraid - ok
20:58:50.0408 7228  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:58:50.0423 7228  nvstor - ok
20:58:50.0458 7228  [ E04FCE1D149CF05C3449E3171F9C3E41 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:58:50.0494 7228  nvsvc - ok
20:58:50.0580 7228  [ D96DDEA6C699A99832E0186057801971 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:58:50.0649 7228  nvUpdatusService - ok
20:58:50.0725 7228  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:58:50.0736 7228  nv_agp - ok
20:58:50.0940 7228  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:58:50.0958 7228  odserv - ok
20:58:50.0997 7228  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:58:51.0022 7228  ohci1394 - ok
20:58:51.0051 7228  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:58:51.0065 7228  ose - ok
20:58:51.0112 7228  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:58:51.0135 7228  p2pimsvc - ok
20:58:51.0157 7228  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:58:51.0186 7228  p2psvc - ok
20:58:51.0217 7228  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:58:51.0242 7228  Parport - ok
20:58:51.0283 7228  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:58:51.0307 7228  partmgr - ok
20:58:51.0342 7228  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:58:51.0387 7228  PcaSvc - ok
20:58:51.0432 7228  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:58:51.0458 7228  pci - ok
20:58:51.0482 7228  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:58:51.0503 7228  pciide - ok
20:58:51.0537 7228  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:58:51.0566 7228  pcmcia - ok
20:58:51.0598 7228  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:58:51.0619 7228  pcw - ok
20:58:51.0664 7228  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:58:51.0762 7228  PEAUTH - ok
20:58:51.0863 7228  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:58:51.0901 7228  PerfHost - ok
20:58:51.0974 7228  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:58:52.0092 7228  pla - ok
20:58:52.0136 7228  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:58:52.0167 7228  PlugPlay - ok
20:58:52.0195 7228  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:58:52.0226 7228  PNRPAutoReg - ok
20:58:52.0257 7228  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:58:52.0283 7228  PNRPsvc - ok
20:58:52.0324 7228  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:58:52.0376 7228  PolicyAgent - ok
20:58:52.0414 7228  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:58:52.0479 7228  Power - ok
20:58:52.0531 7228  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:58:52.0608 7228  PptpMiniport - ok
20:58:52.0631 7228  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:58:52.0663 7228  Processor - ok
20:58:52.0709 7228  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:58:52.0740 7228  ProfSvc - ok
20:58:52.0761 7228  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:58:52.0772 7228  ProtectedStorage - ok
20:58:52.0816 7228  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:58:52.0872 7228  Psched - ok
20:58:52.0925 7228  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:58:52.0999 7228  ql2300 - ok
20:58:53.0030 7228  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:58:53.0044 7228  ql40xx - ok
20:58:53.0070 7228  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:58:53.0091 7228  QWAVE - ok
20:58:53.0107 7228  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:58:53.0130 7228  QWAVEdrv - ok
20:58:53.0139 7228  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:58:53.0188 7228  RasAcd - ok
20:58:53.0210 7228  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:58:53.0249 7228  RasAgileVpn - ok
20:58:53.0278 7228  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:58:53.0334 7228  RasAuto - ok
20:58:53.0372 7228  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:58:53.0441 7228  Rasl2tp - ok
20:58:53.0466 7228  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:58:53.0521 7228  RasMan - ok
20:58:53.0557 7228  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:58:53.0624 7228  RasPppoe - ok
20:58:53.0640 7228  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:58:53.0689 7228  RasSstp - ok
20:58:53.0726 7228  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:58:53.0774 7228  rdbss - ok
20:58:53.0803 7228  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:58:53.0825 7228  rdpbus - ok
20:58:53.0858 7228  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:58:53.0909 7228  RDPCDD - ok
20:58:53.0922 7228  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:58:53.0975 7228  RDPENCDD - ok
20:58:53.0996 7228  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:58:54.0043 7228  RDPREFMP - ok
20:58:54.0077 7228  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:58:54.0104 7228  RDPWD - ok
20:58:54.0163 7228  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:58:54.0190 7228  rdyboost - ok
20:58:54.0254 7228  [ 0AA473966357C4A41B5EB19649EB6E5E ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:58:54.0305 7228  RegSrvc - ok
20:58:54.0321 7228  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:58:54.0375 7228  RemoteAccess - ok
20:58:54.0398 7228  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:58:54.0437 7228  RemoteRegistry - ok
20:58:54.0447 7228  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:58:54.0496 7228  RpcEptMapper - ok
20:58:54.0516 7228  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:58:54.0556 7228  RpcLocator - ok
20:58:54.0595 7228  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:58:54.0640 7228  RpcSs - ok
20:58:54.0695 7228  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:58:54.0764 7228  rspndr - ok
20:58:54.0815 7228  [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
20:58:54.0865 7228  RTL8192su - ok
20:58:54.0885 7228  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:58:54.0897 7228  SamSs - ok
20:58:54.0932 7228  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:58:54.0957 7228  sbp2port - ok
20:58:54.0994 7228  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:58:55.0061 7228  SCardSvr - ok
20:58:55.0094 7228  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:58:55.0173 7228  scfilter - ok
20:58:55.0217 7228  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:58:55.0296 7228  Schedule - ok
20:58:55.0335 7228  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:58:55.0368 7228  SCPolicySvc - ok
20:58:55.0411 7228  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:58:55.0444 7228  SDRSVC - ok
20:58:55.0472 7228  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:58:55.0549 7228  secdrv - ok
20:58:55.0567 7228  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:58:55.0609 7228  seclogon - ok
20:58:55.0630 7228  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:58:55.0678 7228  SENS - ok
20:58:55.0692 7228  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:58:55.0717 7228  SensrSvc - ok
20:58:55.0759 7228  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:58:55.0793 7228  Serenum - ok
20:58:55.0822 7228  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:58:55.0850 7228  Serial - ok
20:58:55.0899 7228  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:58:55.0928 7228  sermouse - ok
20:58:55.0974 7228  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:58:56.0031 7228  SessionEnv - ok
20:58:56.0063 7228  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:58:56.0095 7228  sffdisk - ok
20:58:56.0101 7228  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:58:56.0127 7228  sffp_mmc - ok
20:58:56.0132 7228  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:58:56.0165 7228  sffp_sd - ok
20:58:56.0201 7228  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:58:56.0223 7228  sfloppy - ok
20:58:56.0267 7228  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:58:56.0338 7228  SharedAccess - ok
20:58:56.0387 7228  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:58:56.0447 7228  ShellHWDetection - ok
20:58:56.0474 7228  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
20:58:56.0499 7228  SiSGbeLH - ok
20:58:56.0541 7228  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:58:56.0554 7228  SiSRaid2 - ok
20:58:56.0575 7228  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:58:56.0590 7228  SiSRaid4 - ok
20:58:56.0645 7228  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:58:56.0667 7228  SkypeUpdate - ok
20:58:56.0696 7228  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:58:56.0738 7228  Smb - ok
20:58:56.0782 7228  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:58:56.0798 7228  SNMPTRAP - ok
20:58:56.0871 7228  [ 2114518E55B380A3ACC28B2C27FD499A ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
20:58:56.0971 7228  SNP2UVC - ok
20:58:57.0078 7228  [ D3865A0491AA66E595B6A276E4BDBE05 ] SPAMfighter Update Service C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
20:58:57.0098 7228  SPAMfighter Update Service - ok
20:58:57.0115 7228  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:58:57.0129 7228  spldr - ok
20:58:57.0178 7228  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:58:57.0221 7228  Spooler - ok
20:58:57.0335 7228  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:58:57.0523 7228  sppsvc - ok
20:58:57.0548 7228  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:58:57.0598 7228  sppuinotify - ok
20:58:57.0636 7228  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:58:57.0685 7228  srv - ok
20:58:57.0705 7228  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:58:57.0741 7228  srv2 - ok
20:58:57.0755 7228  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:58:57.0789 7228  srvnet - ok
20:58:57.0832 7228  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:58:57.0899 7228  SSDPSRV - ok
20:58:57.0927 7228  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:58:57.0982 7228  SstpSvc - ok
20:58:58.0031 7228  Steam Client Service - ok
20:58:58.0054 7228  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:58:58.0073 7228  stexstor - ok
20:58:58.0121 7228  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:58:58.0150 7228  stisvc - ok
20:58:58.0210 7228  [ A7E21E907C39FAB021CED41296FC8019 ] Suite Service   C:\Program Files (x86)\Fighters\FighterSuiteService.exe
20:58:58.0265 7228  Suite Service - ok
20:58:58.0295 7228  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:58:58.0306 7228  swenum - ok
20:58:58.0344 7228  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:58:58.0403 7228  swprv - ok
20:58:58.0470 7228  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:58:58.0561 7228  SysMain - ok
20:58:58.0596 7228  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:58:58.0617 7228  TabletInputService - ok
20:58:58.0639 7228  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:58:58.0688 7228  TapiSrv - ok
20:58:58.0718 7228  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:58:58.0754 7228  TBS - ok
20:58:58.0834 7228  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:58:58.0909 7228  Tcpip - ok
20:58:58.0956 7228  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:58:58.0996 7228  TCPIP6 - ok
20:58:59.0038 7228  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:58:59.0089 7228  tcpipreg - ok
20:58:59.0119 7228  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:58:59.0141 7228  TDPIPE - ok
20:58:59.0173 7228  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:58:59.0187 7228  TDTCP - ok
20:58:59.0229 7228  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:58:59.0286 7228  tdx - ok
20:58:59.0354 7228  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:58:59.0374 7228  TermDD - ok
20:58:59.0425 7228  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:58:59.0512 7228  TermService - ok
20:58:59.0530 7228  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:58:59.0559 7228  Themes - ok
20:58:59.0586 7228  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:58:59.0625 7228  THREADORDER - ok
20:58:59.0644 7228  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:58:59.0690 7228  TrkWks - ok
20:58:59.0754 7228  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:58:59.0815 7228  TrustedInstaller - ok
20:58:59.0851 7228  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:58:59.0922 7228  tssecsrv - ok
20:58:59.0954 7228  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:58:59.0980 7228  TsUsbFlt - ok
20:59:00.0035 7228  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:59:00.0101 7228  tunnel - ok
20:59:00.0127 7228  [ C45A3E051C65106A28982CAED125F855 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
20:59:00.0139 7228  TurboB - ok
20:59:00.0170 7228  [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:59:00.0183 7228  TurboBoost - ok
20:59:00.0206 7228  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:59:00.0221 7228  uagp35 - ok
20:59:00.0260 7228  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:59:00.0312 7228  udfs - ok
20:59:00.0336 7228  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:59:00.0358 7228  UI0Detect - ok
20:59:00.0399 7228  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:59:00.0414 7228  uliagpkx - ok
20:59:00.0460 7228  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:59:00.0482 7228  umbus - ok
20:59:00.0516 7228  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:59:00.0545 7228  UmPass - ok
20:59:00.0675 7228  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:59:00.0766 7228  UNS ( UnsignedFile.Multi.Generic ) - warning
20:59:00.0766 7228  UNS - detected UnsignedFile.Multi.Generic (1)
20:59:00.0790 7228  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:59:00.0843 7228  upnphost - ok
20:59:00.0884 7228  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:59:00.0895 7228  USBAAPL64 - ok
20:59:00.0936 7228  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:59:00.0959 7228  usbccgp - ok
20:59:00.0993 7228  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:59:01.0042 7228  usbcir - ok
20:59:01.0059 7228  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:59:01.0095 7228  usbehci - ok
20:59:01.0122 7228  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:59:01.0147 7228  usbhub - ok
20:59:01.0190 7228  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:59:01.0228 7228  usbohci - ok
20:59:01.0259 7228  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:59:01.0289 7228  usbprint - ok
20:59:01.0321 7228  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:59:01.0335 7228  usbscan - ok
20:59:01.0353 7228  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:59:01.0373 7228  USBSTOR - ok
20:59:01.0409 7228  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:59:01.0430 7228  usbuhci - ok
20:59:01.0486 7228  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:59:01.0531 7228  usbvideo - ok
20:59:01.0572 7228  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:59:01.0639 7228  UxSms - ok
20:59:01.0664 7228  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:59:01.0675 7228  VaultSvc - ok
20:59:01.0721 7228  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:59:01.0742 7228  vdrvroot - ok
20:59:01.0787 7228  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:59:01.0869 7228  vds - ok
20:59:01.0913 7228  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:59:01.0940 7228  vga - ok
20:59:01.0964 7228  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:59:02.0028 7228  VgaSave - ok
20:59:02.0069 7228  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:59:02.0097 7228  vhdmp - ok
20:59:02.0149 7228  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:59:02.0159 7228  viaide - ok
20:59:02.0176 7228  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:59:02.0188 7228  volmgr - ok
20:59:02.0228 7228  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:59:02.0258 7228  volmgrx - ok
20:59:02.0300 7228  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:59:02.0319 7228  volsnap - ok
20:59:02.0341 7228  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:59:02.0356 7228  vsmraid - ok
20:59:02.0420 7228  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:59:02.0517 7228  VSS - ok
20:59:02.0533 7228  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:59:02.0564 7228  vwifibus - ok
20:59:02.0576 7228  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:59:02.0610 7228  vwififlt - ok
20:59:02.0637 7228  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:59:02.0653 7228  vwifimp - ok
20:59:02.0685 7228  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:59:02.0727 7228  W32Time - ok
20:59:02.0741 7228  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:59:02.0764 7228  WacomPen - ok
20:59:02.0820 7228  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:59:02.0859 7228  WANARP - ok
20:59:02.0890 7228  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:59:02.0922 7228  Wanarpv6 - ok
20:59:02.0994 7228  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:59:03.0060 7228  WatAdminSvc - ok
20:59:03.0123 7228  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:59:03.0189 7228  wbengine - ok
20:59:03.0218 7228  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:59:03.0238 7228  WbioSrvc - ok
20:59:03.0284 7228  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:59:03.0329 7228  wcncsvc - ok
20:59:03.0344 7228  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:59:03.0371 7228  WcsPlugInService - ok
20:59:03.0395 7228  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:59:03.0406 7228  Wd - ok
20:59:03.0436 7228  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:59:03.0459 7228  Wdf01000 - ok
20:59:03.0469 7228  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:59:03.0506 7228  WdiServiceHost - ok
20:59:03.0509 7228  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:59:03.0527 7228  WdiSystemHost - ok
20:59:03.0544 7228  [ 5B34E5938B9E76798977725E3F7847C4 ] wdkmd           C:\Windows\system32\DRIVERS\WDKMD.sys
20:59:03.0554 7228  wdkmd - ok
20:59:03.0595 7228  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:59:03.0620 7228  WebClient - ok
20:59:03.0637 7228  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:59:03.0692 7228  Wecsvc - ok
20:59:03.0706 7228  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:59:03.0741 7228  wercplsupport - ok
20:59:03.0756 7228  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:59:03.0807 7228  WerSvc - ok
20:59:03.0837 7228  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:59:03.0874 7228  WfpLwf - ok
20:59:03.0914 7228  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
20:59:03.0929 7228  WimFltr - ok
20:59:03.0939 7228  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:59:03.0950 7228  WIMMount - ok
20:59:03.0974 7228  WinDefend - ok
20:59:03.0978 7228  WinHttpAutoProxySvc - ok
20:59:04.0031 7228  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:59:04.0099 7228  Winmgmt - ok
20:59:04.0180 7228  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:59:04.0301 7228  WinRM - ok
20:59:04.0351 7228  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:59:04.0384 7228  WinUsb - ok
20:59:04.0426 7228  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:59:04.0471 7228  Wlansvc - ok
20:59:04.0504 7228  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:59:04.0527 7228  WmiAcpi - ok
20:59:04.0553 7228  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:59:04.0590 7228  wmiApSrv - ok
20:59:04.0623 7228  WMPNetworkSvc - ok
20:59:04.0656 7228  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:59:04.0672 7228  WPCSvc - ok
20:59:04.0706 7228  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:59:04.0735 7228  WPDBusEnum - ok
20:59:04.0765 7228  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:59:04.0837 7228  ws2ifsl - ok
20:59:04.0857 7228  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:59:04.0875 7228  wscsvc - ok
20:59:04.0878 7228  WSearch - ok
20:59:04.0973 7228  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:59:05.0080 7228  wuauserv - ok
20:59:05.0090 7228  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:59:05.0120 7228  WudfPf - ok
20:59:05.0167 7228  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:59:05.0214 7228  WUDFRd - ok
20:59:05.0245 7228  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:59:05.0292 7228  wudfsvc - ok
20:59:05.0308 7228  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:59:05.0339 7228  WwanSvc - ok
20:59:05.0401 7228  {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
20:59:05.0427 7228  ================ Scan global ===============================
20:59:05.0453 7228  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:59:05.0483 7228  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:59:05.0504 7228  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:59:05.0528 7228  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:59:05.0543 7228  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:59:05.0549 7228  [Global] - ok
20:59:05.0550 7228  ================ Scan MBR ==================================
20:59:05.0563 7228  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:59:06.0035 7228  \Device\Harddisk0\DR0 - ok
20:59:06.0041 7228  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
20:59:06.0603 7228  \Device\Harddisk1\DR1 - ok
20:59:06.0609 7228  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
20:59:07.0086 7228  \Device\Harddisk2\DR2 - ok
20:59:07.0087 7228  ================ Scan VBR ==================================
20:59:07.0091 7228  [ 1D69DFD8F6D939D61C56AF33A9169B52 ] \Device\Harddisk0\DR0\Partition1
20:59:07.0093 7228  \Device\Harddisk0\DR0\Partition1 - ok
20:59:07.0164 7228  [ 4FF2F1FB760C960FE369EF7E34968D8B ] \Device\Harddisk0\DR0\Partition2
20:59:07.0168 7228  \Device\Harddisk0\DR0\Partition2 - ok
20:59:07.0173 7228  [ 49D3ADB4292C84FC1FDEBD41A36F0DCF ] \Device\Harddisk1\DR1\Partition1
20:59:07.0177 7228  \Device\Harddisk1\DR1\Partition1 - ok
20:59:07.0182 7228  [ B0C1D0CEEDC731A833117EC7643CA953 ] \Device\Harddisk2\DR2\Partition1
20:59:07.0186 7228  \Device\Harddisk2\DR2\Partition1 - ok
20:59:07.0186 7228  ============================================================
20:59:07.0186 7228  Scan finished
20:59:07.0186 7228  ============================================================
20:59:07.0201 6040  Detected object count: 2
20:59:07.0201 6040  Actual detected object count: 2
20:59:23.0439 6040  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:23.0439 6040  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:59:23.0439 6040  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:23.0439 6040  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 11.09.2012, 23:29

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Charlene · 12.09.2012, 20:05

hier kommt das Combofix-log:

Code:

ATTFilter

ComboFix 12-09-12.03 - XXX 12.09.2012  20:34:51.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3886.2044 [GMT 2:00]
ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\FullRemove.exe
c:\programdata\nud0repor.pad
C:\readme.txt
c:\users\XXX\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
D:\uninstall.exe
G:\resycled
I:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-12 bis 2012-09-12  ))))))))))))))))))))))))))))))
.
.
2012-09-09 11:40 . 2012-09-09 12:21	--------	d-----w-	c:\users\XXX\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2012-09-09 11:25 . 2012-09-09 11:25	--------	d-----w-	c:\program files (x86)\Electronic Arts
2012-09-09 09:33 . 2012-09-09 09:32	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-09 09:33 . 2012-09-09 09:32	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-09 09:33 . 2012-09-09 09:32	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-09 09:33 . 2012-09-09 09:32	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-09 09:33 . 2012-09-09 09:32	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-09 09:33 . 2012-09-09 09:32	188904	----a-w-	c:\windows\system32\java.exe
2012-09-09 09:30 . 2012-09-09 09:32	--------	d-----w-	c:\program files\Java
2012-09-08 16:42 . 2012-09-08 16:42	--------	d-----w-	c:\users\XXX\AppData\Roaming\My Battle for Middle-earth Files
2012-09-02 08:59 . 2012-09-02 08:59	--------	d-----w-	c:\program files (x86)\ESET
2012-08-30 19:24 . 2012-09-02 12:34	--------	d-----w-	c:\users\XXX\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
2012-08-30 19:10 . 2012-08-30 19:10	--------	d-----w-	c:\program files (x86)\EA GAMES
2012-08-27 06:07 . 2012-08-27 06:07	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-08-27 06:06 . 2012-08-27 06:06	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-25 00:21 . 2012-08-25 00:23	--------	d-----w-	c:\windows\rescache
2012-08-24 19:07 . 2012-08-26 01:19	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-08-24 17:44 . 2012-08-24 17:44	--------	d-----w-	c:\windows\system32\SPReview
2012-08-24 17:41 . 2012-08-24 17:41	--------	d-----w-	c:\windows\system32\EventProviders
2012-08-23 18:13 . 2012-08-27 06:06	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-08-23 05:51 . 2012-08-23 05:51	--------	d-----w-	C:\_OTL
2012-08-22 05:54 . 2012-08-22 05:54	--------	d-----w-	c:\users\XXX\AppData\Roaming\Malwarebytes
2012-08-22 05:54 . 2012-08-22 05:54	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-22 05:54 . 2012-08-22 05:54	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-22 05:54 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-15 06:59 . 2012-06-27 04:53	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-15 06:59 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 06:59 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2012-08-15 06:59 . 2010-11-20 13:27	39424	----a-w-	c:\windows\system32\Spool\prtprocs\x64\winprint.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 17:14 . 2010-10-31 09:26	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-08-27 06:06 . 2010-10-29 18:03	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-24 18:00 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-08-24 18:00 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-08-16 01:00 . 2010-11-01 07:14	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-08-15 21:38 . 2012-04-27 05:33	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 21:38 . 2011-05-20 04:15	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-25 18:39 . 2012-07-25 18:39	3360256	----a-w-	C:\edainmodstarter.exe
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
2009-04-08 17:31 . 2009-04-08 17:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45	155648	----a-w-	c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0538CF1C-8419-4800-ADBB-0C00C799FDA2}]
2012-02-06 09:12	88416	----a-w-	c:\users\XXX\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GenieoUpdaterService"="c:\users\XXX\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" [2012-02-06 277344]
"GenieoSystemTray"="c:\users\XXX\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [2012-02-06 558944]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-15 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HPUsageTracking"="c:\program files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe" [2007-11-02 36864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2012-04-24 1197704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"CommonToolkitTray"="c:\program files (x86)\Fighters\Tray\FightersTray.exe" [2012-02-02 1453704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-22 113664]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-9-15 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-9-15 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
2;2 nvUpdatusService;NVIDIA Update Service Daemon [x]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/09/15 04:51];c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15 135664]
R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-18 1255736]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe [2012-04-24 215688]
S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2012-01-23 1324680]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 21:38]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15 12:03]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15 12:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1238528]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rl45wb5x.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
AddRemove-Axis & Allies - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-12  20:55:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-12 18:55
.
Vor Suchlauf: 13 Verzeichnis(se), 14.266.814.464 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 14.072.950.784 Bytes frei
.
- - End Of File - - DEB331E019E5E6A4FA074EA3C9A9F7A5

cosinus · 13.09.2012, 12:55

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

cosinus · 13.09.2012, 13:02

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Charlene · 13.09.2012, 21:36

hier schon mal GMER. Rest folgt

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-13 22:35:05
Windows 6.1.7601 Service Pack 1 
Running: o9udp5bo.exe


---- Registry - GMER 1.0.15 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Die Schlacht um Mittelerde\x2122 II\Die Schlacht um Mittelerde\x2122 II - Weltenbauer.lnk  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Die Schlacht um Mittelerde\x2122 II\Die Schlacht um Mittelerde\x2122 II - Weltenbauer.lnk                  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Die Schlacht um Mittelerde\x2122 II\Elektronische Registrierung.lnk                        1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Die Schlacht um Mittelerde\x2122 II\Elektronische Registrierung.lnk                                        1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Die Schlacht um Mittelerde\x2122 II\Online nach Update suchen.lnk                          1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Die Schlacht um Mittelerde\x2122 II\Online nach Update suchen.lnk                                          1

---- EOF - GMER 1.0.15 ----

jetzt OSAM:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:21:18 on 14.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights 10" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP64" (ASMMAP64) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"lullaby" (lullaby) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys
"Power Control [2010/09/15 04:51:26]" ({B154377D-700F-42cc-9474-23858FBDF4BD}) - ? - C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl  (File not found)
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.7.0_06" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_06" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\npjpi170_06.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.6.2" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} "FireShot" - ? - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rl45wb5x.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.dll  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{0538CF1C-8419-4800-ADBB-0C00C799FDA2} "My Personal Homepage" - ? - C:\Users\XXX\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll  (File found, but it contains no detailed information)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FancyStart daemon.lnk" - "ASUSTeK Computer Inc." - C:\Program Files (x86)\ASUS\FancyStart\FancyStart.exe  (Shortcut exists | File exists)
"SRS Premium Sound.lnk" - "SRS Labs, Inc." - C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"GenieoSystemTray" - ? - "C:\Users\XXX\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"  (File found, but it contains no detailed information)
"GenieoUpdaterService" - ? - "C:\Users\XXX\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5  (File found, but it contains no detailed information)
"MobileDocuments" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
"Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\Steam.exe" -silent
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ATKMEDIA" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
"avgnt" - "Avira GmbH" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"Boingo Wi-Fi" - ? - "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
"CommonToolkitTray" - "SPAMfighter ApS" - C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"HControlUser" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
"HP Software Update" - "Hewlett-Packard Co." - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"HPUsageTracking" - ? - "C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\Hewlett-Packard\HP UT\"
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"NBAgent" - "Nero AG" - "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"sfagent" - "SPAMfighter ApS" - C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
"UpdatePSTShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files (x86)\Nero\Update\NASvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"AFBAgent" (AFBAgent) - "ASUSTeK Computer Inc." - C:\Windows\system32\FBAgent.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe  (File found, but it contains no detailed information)
"Hotspot Shield Routing Service" (HssSrv) - ? - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
"Hotspot Shield Service" (hshld) - ? - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe  (File found, but it contains no detailed information)
"Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE  (File found, but it contains no detailed information)
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"SPAMfighter Update Service" (SPAMfighter Update Service) - "SPAMfighter ApS" - C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"Suite Service" (Suite Service) - "SPAMfighter ApS" - C:\Program Files (x86)\Fighters\FighterSuiteService.exe
"TurboBoost" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"Windows Live Family Safety" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
"Wireless PAN DHCP Server" (MyWiFiDHCPDNS) - ? - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Charlene · 14.09.2012, 22:08

und noch aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 22:24:50
-----------------------------
22:24:50.215    OS Version: Windows x64 6.1.7601 Service Pack 1
22:24:50.215    Number of processors: 4 586 0x2505
22:24:50.215    ComputerName: XXX-PC  UserName: XXX
22:24:51.666    Initialize success
22:25:53.638    AVAST engine defs: 12091400
22:26:12.686    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:26:12.686    Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
22:26:12.717    Disk 0 MBR read successfully
22:26:12.717    Disk 0 MBR scan
22:26:12.717    Disk 0 Windows 7 default MBR code
22:26:12.732    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    20002 MB offset 63
22:26:12.748    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       119232 MB offset 40965750
22:26:12.748    Disk 0 Partition - 00     0F Extended LBA            337704 MB offset 285153280
22:26:12.764    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       337703 MB offset 285155328
22:26:12.810    Disk 0 scanning C:\Windows\system32\drivers
22:26:27.428    Service scanning
22:26:56.565    Modules scanning
22:26:56.565    Disk 0 trace - called modules:
22:26:56.596    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
22:26:56.596    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048cb060]
22:26:56.612    3 CLASSPNP.SYS[fffff880015a543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045fb050]
22:26:57.376    AVAST engine scan C:\Windows
22:27:00.637    AVAST engine scan C:\Windows\system32
22:30:56.695    AVAST engine scan C:\Windows\system32\drivers
22:31:13.324    AVAST engine scan C:\Users\XXX
22:48:54.690    AVAST engine scan C:\ProgramData
22:50:02.940    Scan finished successfully
23:07:22.931    Disk 0 MBR has been saved successfully to "C:\Users\XXX\Desktop\MBR.dat"
23:07:22.947    The log file has been saved successfully to "C:\Users\XXX\Desktop\aswMBR.txt"

cosinus · 15.09.2012, 12:43

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Charlene · 16.09.2012, 08:28

Hier schon mal Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
XXX :: XXX-PC [Administrator]

Schutz: Aktiviert

15.09.2012 21:46:56
mbam-log-2012-09-15 (21-46-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 541828
Laufzeit: 2 Stunde(n), 22 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Superantiyspyware:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/16/2012 at 04:29 PM

Application Version : 5.5.1016

Core Rules Database Version : 9236
Trace Rules Database Version: 7048

Scan type       : Complete Scan
Total Scan Time : 02:05:38

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 752
Memory threats detected   : 0
Registry items scanned    : 72647
Registry threats detected : 0
File items scanned        : 72192
File threats detected     : 637

Adware.Tracking Cookie
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\XXX@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\XXX@adx.chip[2].txt [ /adx.chip ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\XXX@content.yieldmanager[1].txt [ /content.yieldmanager ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\XXX@smartadserver[2].txt [ /smartadserver ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\VLXYLB0S.txt [ /im.banner.t-online.de ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\08QF4GRH.txt [ /tradedoubler.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\QCUPO38G.txt [ /webmasterplan.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\T0Q9PR1N.txt [ /mediaplex.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\8JNZWTON.txt [ /revsci.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\59YVD7J4.txt [ /insightexpressai.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\0ZFOXLS9.txt [ /de.sitestat.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\BVD6NH82.txt [ /track.adform.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\M6DBO4VZ.txt [ /media6degrees.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\UG7MGMXE.txt [ /doubleclick.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\12UKEHAH.txt [ /serving-sys.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\FSNEFH72.txt [ /zanox-affiliate.de ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\U7JJ1YQX.txt [ /bs.serving-sys.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\271JBD4B.txt [ /de.sitestat.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\7CQ18W95.txt [ /c.atdmt.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\EQOMO0MB.txt [ /ad.360yield.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\V6NET14Y.txt [ /apmebf.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\VHRKW05W.txt [ /parship.122.2o7.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\6BEF4FMH.txt [ /atdmt.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\8KZCP852.txt [ /adfarm1.adition.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\EGB7Z8NY.txt [ /adtech.de ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\2ZCO0OC7.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\4YAQQJYD.txt [ /ad.ad-srv.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\5SRL62FG.txt [ /zanox.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\CZ00E0TB.txt [ /adviva.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\WTTMS3BZ.txt [ /webmasterplan.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\BS9ELK06.txt [ /questionmarket.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\NHU28RG2.txt [ /adfarm1.adition.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Q80AIOHK.txt [ /bs.serving-sys.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\CBLZULZR.txt [ /atdmt.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\33EWOE6F.txt [ /dyntracker.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\FYNV03HH.txt [ /nextag.de ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\R40GVL14.txt [ /counter2.sexmoney.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\2WLR4GWC.txt [ /de.sitestat.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\LLFAJRO2.txt [ /apmebf.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\PTNBOSEL.txt [ /ad.zanox.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\3IDK10ZT.txt [ /xiti.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\4IZUY5AI.txt [ /counter.sexsuche.tv ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\GHBNZP39.txt [ /avgtechnologies.112.2o7.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\CKCXI4SM.txt [ /smartadserver.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\TDVOKOSW.txt [ /ads.creative-serving.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\MWST3MG9.txt [ /de.sitestat.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\6QVNX139.txt [ /ad.zanox.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\1102HIVL.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\8H9US92R.txt [ /eas.apm.emediate.eu ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\3285K5KD.txt [ /amazon-adsystem.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\WT9EGZEV.txt [ /adbrite.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\1R6Q9RTY.txt [ /specificclick.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\8NO2CM55.txt [ /guj.122.2o7.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\I85YXGV8.txt [ /media6degrees.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\4KMXOEGS.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\GY2Q60C6.txt [ /fastclick.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\15WADYSW.txt [ /ad4.adfarm1.adition.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\COBWU0PU.txt [ /www.etracker.de ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\R5DDBNDX.txt [ /invitemedia.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\UT0OSKPY.txt [ /de.sitestat.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\3Q0RSBC5.txt [ /www.netdebit-counter.de ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\OCW2ONG3.txt [ /tracking.quisma.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\MIO5DGCN.txt [ /ad.yieldmanager.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\LFR04K2U.txt [ /ad.dyntracker.de ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\S3NGC7ET.txt [ /ww251.smartadserver.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\HR95TZ1L.txt [ /adform.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\LB9AA9NP.txt [ /imrworldwide.com ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Y3M1N1TU.txt [ /www.zanox-affiliate.de ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\ZWRZ0ZX6.txt [ /olympiaverlag.122.2o7.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\X2518WDI.txt [ /ad.movad.net ]
	C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\G8GK1YNO.txt [ /yieldmanager.net ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\CAP0D5SM.txt [ Cookie:XXX@serv1.sweetpacks.com/adServe/banners ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\FD1JJ98A.txt [ Cookie:XXX@serv1.sweetpacks.com/adServe ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\BGQ31PVI.txt [ Cookie:XXX@serv1.sweetpacks.com/adServe/static/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\9QR2SAS2.txt [ Cookie:XXX@tradedoubler.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\B2PB3QZJ.txt [ Cookie:XXX@revsci.net/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\9J3BO6DU.txt [ Cookie:XXX@track.webtrekk.net/523478367474333/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\OOS60QZX.txt [ Cookie:XXX@doubleclick.net/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\SU2822TN.txt [ Cookie:XXX@ckz.rajce.idnes.cz/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\4A4ETU1X.txt [ Cookie:XXX@serving-sys.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\BRBWFOA8.txt [ Cookie:XXX@zanox-affiliate.de/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\8FBKWSGP.txt [ Cookie:XXX@ubesttorrent2011.com/tracking/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\D4M515YX.txt [ Cookie:XXX@c.atdmt.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\K42BWSHG.txt [ Cookie:XXX@in.getclicky.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\0IO3XFON.txt [ Cookie:XXX@atdmt.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\6GXADOLD.txt [ Cookie:XXX@adultfriendfinder.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\XCMPTK38.txt [ Cookie:XXX@zanox.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\3BU89BWN.txt [ Cookie:XXX@webmasterplan.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\NTQEY0CF.txt [ Cookie:XXX@idnes.cz/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\XXX@msnportal.112.2o7[1].txt [ Cookie:XXX@msnportal.112.2o7.net/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\N8BZIRGV.txt [ Cookie:XXX@bs.serving-sys.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\HBY1MRRP.txt [ Cookie:XXX@youporngay.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\3V3XP3EI.txt [ Cookie:XXX@eas4.emediate.eu/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\I8I9B9T1.txt [ Cookie:XXX@advertising.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\MFKZZSFL.txt [ Cookie:XXX@ckz.rajce.idnes.cz/_www_root_/ajax/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\M7OU5E0M.txt [ Cookie:XXX@112.2o7.net/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\BV0T6B8E.txt [ Cookie:XXX@ru4.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\TOO8QN1D.txt [ Cookie:XXX@apmebf.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\XXX@studivz.adfarm1.adition[2].txt [ Cookie:XXX@studivz.adfarm1.adition.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\RV3A7CVO.txt [ Cookie:XXX@traffictrack.de/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\ABUIEVWI.txt [ Cookie:XXX@rajce.idnes.cz/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\D11UWQ6E.txt [ Cookie:XXX@xiti.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\HL7XU0W7.txt [ Cookie:XXX@exoclick.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\0UVW4K8Y.txt [ Cookie:XXX@www.rajce.idnes.cz/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\APRMJFUA.txt [ Cookie:XXX@www.youporngay.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\XGYL9S7I.txt [ Cookie:XXX@de.youporngay.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\YAHWXVKQ.txt [ Cookie:XXX@specificclick.net/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\UTDGUWEW.txt [ Cookie:XXX@media6degrees.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\821FFTFT.txt [ Cookie:XXX@guj.122.2o7.net/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\QB0OKUEO.txt [ Cookie:XXX@triptosex.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\S7EEVNUT.txt [ Cookie:XXX@ad4.adfarm1.adition.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\3F6LEI9E.txt [ Cookie:XXX@invitemedia.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\HDFVVOW8.txt [ Cookie:XXX@linksynergy.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\75MHS3XX.txt [ Cookie:XXX@yieldmanager.net/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\DJVI8BD9.txt [ Cookie:XXX@ad.yieldmanager.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\GT65RV4Z.txt [ Cookie:XXX@ad.dyntracker.de/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\UFGM1GZ3.txt [ Cookie:XXX@tracking.quisma.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\WXUUFRKT.txt [ Cookie:XXX@ww251.smartadserver.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\P4VTWS2K.txt [ Cookie:XXX@www.triptosex.com/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\K8A6TH90.txt [ Cookie:XXX@adform.net/ ]
	C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y26BEWMD.txt [ Cookie:XXX@imrworldwide.com/cgi-bin ]
	C:\USERS\XXX\Cookies\VLXYLB0S.txt [ Cookie:XXX@im.banner.t-online.de/ ]
	C:\USERS\XXX\Cookies\08QF4GRH.txt [ Cookie:XXX@tradedoubler.com/ ]
	C:\USERS\XXX\Cookies\8JNZWTON.txt [ Cookie:XXX@revsci.net/ ]
	C:\USERS\XXX\Cookies\59YVD7J4.txt [ Cookie:XXX@insightexpressai.com/ ]
	C:\USERS\XXX\Cookies\0ZFOXLS9.txt [ Cookie:XXX@de.sitestat.com/ndr/tagesschau/ ]
	C:\USERS\XXX\Cookies\M6DBO4VZ.txt [ Cookie:XXX@media6degrees.com/ ]
	C:\USERS\XXX\Cookies\UG7MGMXE.txt [ Cookie:XXX@doubleclick.net/ ]
	C:\USERS\XXX\Cookies\12UKEHAH.txt [ Cookie:XXX@serving-sys.com/ ]
	C:\USERS\XXX\Cookies\FSNEFH72.txt [ Cookie:XXX@zanox-affiliate.de/ ]
	C:\USERS\XXX\Cookies\U7JJ1YQX.txt [ Cookie:XXX@bs.serving-sys.com/ ]
	C:\USERS\XXX\Cookies\7CQ18W95.txt [ Cookie:XXX@c.atdmt.com/ ]
	C:\USERS\XXX\Cookies\V6NET14Y.txt [ Cookie:XXX@apmebf.com/ ]
	C:\USERS\XXX\Cookies\VHRKW05W.txt [ Cookie:XXX@parship.122.2o7.net/ ]
	C:\USERS\XXX\Cookies\6BEF4FMH.txt [ Cookie:XXX@atdmt.com/ ]
	C:\USERS\XXX\Cookies\8KZCP852.txt [ Cookie:XXX@adfarm1.adition.com/ ]
	C:\USERS\XXX\Cookies\2ZCO0OC7.txt [ Cookie:XXX@ad3.adfarm1.adition.com/ ]
	C:\USERS\XXX\Cookies\5SRL62FG.txt [ Cookie:XXX@zanox.com/ ]
	C:\USERS\XXX\Cookies\WTTMS3BZ.txt [ Cookie:XXX@webmasterplan.com/ ]
	C:\USERS\XXX\Cookies\Q80AIOHK.txt [ Cookie:XXX@bs.serving-sys.com/ ]
	C:\USERS\XXX\Cookies\CBLZULZR.txt [ Cookie:XXX@atdmt.com/ ]
	C:\USERS\XXX\Cookies\FYNV03HH.txt [ Cookie:XXX@nextag.de/ ]
	C:\USERS\XXX\Cookies\R40GVL14.txt [ Cookie:XXX@counter2.sexmoney.com/ ]
	C:\USERS\XXX\Cookies\2WLR4GWC.txt [ Cookie:XXX@de.sitestat.com/ndr/ts/ ]
	C:\USERS\XXX\Cookies\LLFAJRO2.txt [ Cookie:XXX@apmebf.com/ ]
	C:\USERS\XXX\Cookies\PTNBOSEL.txt [ Cookie:XXX@ad.zanox.com/ ]
	C:\USERS\XXX\Cookies\3IDK10ZT.txt [ Cookie:XXX@xiti.com/ ]
	C:\USERS\XXX\Cookies\4IZUY5AI.txt [ Cookie:XXX@counter.sexsuche.tv/ ]
	C:\USERS\XXX\Cookies\CAP0D5SM.txt [ Cookie:XXX@serv1.sweetpacks.com/adServe/banners ]
	C:\USERS\XXX\Cookies\MWST3MG9.txt [ Cookie:XXX@de.sitestat.com/ndr/tagesschau/ ]
	C:\USERS\XXX\Cookies\6QVNX139.txt [ Cookie:XXX@ad.zanox.com/ ]
	C:\USERS\XXX\Cookies\1102HIVL.txt [ Cookie:XXX@ad1.adfarm1.adition.com/ ]
	C:\USERS\XXX\Cookies\1R6Q9RTY.txt [ Cookie:XXX@specificclick.net/ ]
	C:\USERS\XXX\Cookies\8NO2CM55.txt [ Cookie:XXX@guj.122.2o7.net/ ]
	C:\USERS\XXX\Cookies\I85YXGV8.txt [ Cookie:XXX@media6degrees.com/ ]
	C:\USERS\XXX\Cookies\GY2Q60C6.txt [ Cookie:XXX@fastclick.net/ ]
	C:\USERS\XXX\Cookies\15WADYSW.txt [ Cookie:XXX@ad4.adfarm1.adition.com/ ]
	C:\USERS\XXX\Cookies\R5DDBNDX.txt [ Cookie:XXX@invitemedia.com/ ]
	C:\USERS\XXX\Cookies\UT0OSKPY.txt [ Cookie:XXX@de.sitestat.com/sueddeutsche/sueddeutsche/ ]
	C:\USERS\XXX\Cookies\3Q0RSBC5.txt [ Cookie:XXX@www.netdebit-counter.de/ ]
	C:\USERS\XXX\Cookies\OCW2ONG3.txt [ Cookie:XXX@tracking.quisma.com/ ]
	C:\USERS\XXX\Cookies\MIO5DGCN.txt [ Cookie:XXX@ad.yieldmanager.com/ ]
	C:\USERS\XXX\Cookies\LFR04K2U.txt [ Cookie:XXX@ad.dyntracker.de/ ]
	C:\USERS\XXX\Cookies\S3NGC7ET.txt [ Cookie:XXX@ww251.smartadserver.com/ ]
	C:\USERS\XXX\Cookies\HR95TZ1L.txt [ Cookie:XXX@adform.net/ ]
	C:\USERS\XXX\Cookies\LB9AA9NP.txt [ Cookie:XXX@imrworldwide.com/cgi-bin ]
	C:\USERS\XXX\Cookies\FD1JJ98A.txt [ Cookie:XXX@serv1.sweetpacks.com/adServe ]
	C:\USERS\XXX\Cookies\ZWRZ0ZX6.txt [ Cookie:XXX@olympiaverlag.122.2o7.net/ ]
	C:\USERS\XXX\Cookies\BGQ31PVI.txt [ Cookie:XXX@serv1.sweetpacks.com/adServe/static/ ]
	C:\USERS\XXX\Cookies\G8GK1YNO.txt [ Cookie:XXX@yieldmanager.net/ ]
	adserv.quality-channel.de [ C:\USERS\XXX\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SXXTNPJM ]
	ia.media-imdb.com [ C:\USERS\XXX\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SXXTNPJM ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adserv.quality-channel.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ad.de.doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ad-emea.doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ad-emea.doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.112.2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.elitepartner.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.a.revenuemax.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.youporngay.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.youporngay.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.youporngay.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	7.rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.www4.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.aka-cdn-ns.adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.aka-cdn-ns.adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	mediathek.daserste.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	tracker.bmtsystem.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	wstat.wibiya.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adserv.quality-channel.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.mediafire.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.at.atwola.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.youporngay.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.youporngay.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.youporngay.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.hitbox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.phg.hitbox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	aimfar.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.weboramapublishertrackinguk2.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.weboramapublishertrackinguk2.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.pathfinder.wikia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.pathfinder.wikia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	pathfinder.wikia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.game-advertising-online.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	pathfinder.wikia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.media.fastclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6aelyooc5agp.stats.esomniture.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www7.addfreestats.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webstatsdomain.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webstatsdomain.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.webstatsdomain.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.advertisingenhanced.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.advertisingenhanced.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.advertstream.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	adprudence.rotator.hadj7.adjuggler.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.track.right-ads.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.srv.resultsmedia.biz [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.universal-traffic.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	trackstatsnow.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.visit-tracker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.universal-traffic.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.technoratimedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.technoratimedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.track-visits.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.track-visits.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.openisbn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.openisbn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.bwincom.122.2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.openisbn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.openisbn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.openisbn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.openisbn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.openisbn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.openisbn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.openisbn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.openisbn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.pathfinderwiki.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.pathfinderwiki.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.pro-market.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.pathfinderdb.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.pathfinderdb.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webstats4u.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.advertstream.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www2.adserverpub.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.universal-traffic.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adnetwork.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	tracking.hostgator.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.mediafire.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.mediafire.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.mediafire.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.mediafire.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tto2.traffictrack.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	counter.hitslink.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	targeting.revenuemax.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.quartermedia.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tns-counter.ru [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.openstat.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.c1.atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	partners.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.flagcounter.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	banner.electronic-arts.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.active-tracking.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.active-tracking.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.active-tracking.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	adserver.sevenload.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.oms.122.2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revenuemax.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.unrulymedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tracking.mindshare.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.eaeacom.112.2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	s2.netxmedia.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	farm1.netxmedia.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.parship.122.2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.dailymotionpoc.112.2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revenuemax.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	7.rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	server.adformdsp.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adformdsp.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tradetracker.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	stat.gruene-bundestag.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	traffic.brand-wall.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.burstnet.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	zbox.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	adx2.chip.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.gs-media.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.usenext.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.guj.122.2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.olympiaverlag.122.2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	tomtailor.dyntracker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.myroitracking.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.clicksor.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.clicksor.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.clicksor.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.clicksor.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.clicksor.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.lucidmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	aa.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	handpickedmedia.co.uk [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RL45WB5X.DEFAULT\COOKIES.SQLITE ]

cosinus · 16.09.2012, 18:25

Code:

ATTFilter

UAC On - Limited User

Wie hast du SUPERAntiSpyware gestartet? Einfach per Doppelklick?

15.09.2012, 12:43	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolzei Trojaner Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

16.09.2012, 18:25	#30
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolzei Trojaner Code: ATTFilter UAC On - Limited User Wie hast du SUPERAntiSpyware gestartet? Einfach per Doppelklick? __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolzei Trojaner

Plagegeister aller Art und deren Bekämpfung: Bundespolzei Trojaner