Google und IExplorer öffnen Werbeseiten, AVir meldet Viren, HiJack funktioniert nicht

jejapalli · 22.04.2010, 14:15

Hi an alle!

Ich bin neu hier und habe folgendes Problem:

Ich glaube mein Laptop ist mit einem oder mehreren Virus infiziert:

- Google leitet mich ständig auf irgendwelche Werbeseiten um, erst nach dem zweiten oder dritten Aufruf kommt die gewünschte Seite
- AntiVir meldet mir ununterbrochen die Meldung "Malware gefunden", Dateinamen sind u.a.'TR/Renos.163328' und 'TR/FakeAV.CX.664' (falls das was hilft)
- Internet Explorer öffnet sich regelmäßig mit Werbeseiten
- Ich wollte ein Logfile mit HiJack machen, aber das Programm lässt sich nicht mehr öffnen (auch nach De- und Neuinstallation; Umbennenung nützt nichts)

Mein Betriebssystem ist Windows Vista, mein Browser ist Mozilla Firefox und mein Virenprogramm ist Avira AntiVir.

Ich habe mich schon überall erkundigt, aber konnte nichts vergleichbares finden..
Ich hoffe Ihr könnt mir helfen!!

Danke schonmal im Vorraus!

cosinus · 22.04.2010, 20:32

Hallo und

Mach bitte einen Vollscan mit Malwarebytes und poste das Log. Falls das Tool nicht startet oder Du andere Probleme damit hast, bitte das hier beachten > http://www.trojaner-board.de/82699-m...tet-nicht.html

Danach bitte OTL anwenden:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

jejapalli · 23.04.2010, 13:45

Hi Arne,

erstmal vielen dank für deine Antwort!

Bei "Malwarebytes" ist es das gleiche wie bei HiJack: nach der Installation lässt sich das Programm nicht öffnen, Umbenennen klappt aucht nicht.

Immerhin klappen die Logfiles von OTL:

hier der erste aus der Datei OTL.txt:

OTL logfile created on: 22.04.2010 22:15:13 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\****\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Marius\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Marius\AppData\Local\Temp\Icx.exe ()
PRC - C:\Windows\Ivyzaa.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\MPK\MPK.exe ()
PRC - C:\Programme\VideoLAN\VLC\vlc.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\winadm.exe (Müller)
PRC - C:\Programme\Google\Google EULA\GoogleEULALauncher.exe ( )
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\winadmd.exe (-)

========== Modules (SafeList) ==========

MOD - C:\Users\Marius\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partyfans.com - Startseite
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.partyfans.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 17:34:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 17:34:06 | 000,000,000 | ---D | M]

[2009.02.13 15:15:01 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\mozilla\Extensions
[2010.04.22 21:24:54 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\7c6qlmo8.default\extensions
[2010.02.26 17:54:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\7c6qlmo8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.05.01 17:53:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\7c6qlmo8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.12.01 18:02:53 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\7c6qlmo8.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.12.01 20:06:30 | 000,000,873 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\Mozilla\FireFox\Profiles\7c6qlmo8.default\searchplugins\conduit.xml
[2010.04.20 18:28:34 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.02.21 23:07:54 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FSC OSD Utility] c:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.)
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{87C9D88F-FF1A-8564-C4AF-86C7B6719F7F}] C:\Users\Marius\AppData\Roaming\winupd.exe File not found
O4 - HKCU..\Run: [EPSON Stylus DX9400F Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [Windows Update] C:\Users\Marius\AppData\Roaming\winupd.exe File not found
O4 - HKCU..\Run: [winlog.exe] C:\Users\Marius\AppData\Roaming\Microsoft\winlog.exe File not found
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\Marius\AppData\Local\Temp\Icx.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.202,85.255.112.190
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (aFbsPCkCr.dll) - C:\Windows\System32\aFbsPCkCr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\MPK\MPK.exe) - C:\Windows\System32\MPK\MPK.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.05 14:14:55 | 000,000,269 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{eb28d790-784b-11de-a4bc-00238b40fc93}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.21 04:23:31 | 000,013,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = xefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.04.22 22:01:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.22 22:01:46 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.22 22:01:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.22 22:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.21 14:55:34 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.21 14:51:50 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Marius\Desktop\HJTInstall.exe
[2010.04.21 14:41:55 | 000,000,000 | ---D | C] -- C:\Programme\HijackThis
[2010.04.20 17:14:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.04.18 15:54:14 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.04.18 15:52:46 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2010.04.18 15:52:46 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.04.18 15:52:46 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.04.18 15:52:06 | 000,000,000 | ---D | C] -- C:\Programme\Sony Ericsson
[2010.04.15 16:09:53 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 16:09:52 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 16:09:50 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.15 16:09:45 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.08 20:59:43 | 000,000,000 | ---D | C] -- C:\Programme\RdDrv001
[2010.03.31 16:41:11 | 000,000,000 | ---D | C] -- C:\Programme\DeskTask
[2010.03.31 12:37:50 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.03.31 12:37:49 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 12:37:49 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 12:37:49 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.03.31 12:37:49 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 12:37:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.03.31 12:37:49 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 12:37:49 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.03.31 12:37:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 12:37:48 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.31 12:37:48 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.28 19:26:11 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\skypePM
[2010.03.28 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Skype
[2010.03.28 19:24:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.03.28 19:24:05 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.03.28 19:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.03.24 20:57:08 | 000,000,000 | ---D | C] -- C:\Users\Marius\Desktop\office

========== Files - Modified Within 30 Days ==========

[2010.04.22 22:21:03 | 002,883,584 | -HS- | M] () -- C:\Users\Marius\NTUSER.DAT
[2010.04.22 22:09:02 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.22 22:07:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.22 22:07:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.22 22:00:01 | 000,000,262 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2010.04.22 21:57:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.22 20:39:02 | 000,000,248 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.22 20:12:29 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.22 20:12:29 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.22 20:12:29 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.22 20:12:29 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.22 20:12:29 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.22 20:07:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.22 20:07:11 | 3079,262,208 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.22 20:06:22 | 000,524,288 | -HS- | M] () -- C:\Users\Marius\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.22 20:06:22 | 000,065,536 | -HS- | M] () -- C:\Users\Marius\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.22 20:06:20 | 002,167,776 | -H-- | M] () -- C:\Users\Marius\AppData\Local\IconCache.db
[2010.04.22 20:05:48 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.22 15:51:25 | 000,229,888 | ---- | M] () -- C:\Users\Marius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.21 14:59:21 | 000,001,880 | ---- | M] () -- C:\Users\Marius\Desktop\test.com.lnk
[2010.04.21 14:56:26 | 206,690,363 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.21 14:51:53 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Marius\Desktop\HJTInstall.exe
[2010.04.18 19:18:03 | 000,163,328 | ---- | M] () -- C:\Windows\Ivyzaa.exe
[2010.04.18 15:58:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.04.18 15:58:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.04.18 15:54:14 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.04.18 15:52:46 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2010.04.18 15:52:46 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.04.18 15:52:46 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.04.17 13:28:04 | 000,001,038 | ---- | M] () -- C:\Users\Marius\Desktop\DVDVideoSoft Free Studio.lnk
[2010.04.13 19:59:25 | 000,011,269 | ---- | M] () -- C:\Users\Marius\Desktop\Termine.odt
[2010.04.06 14:54:26 | 000,015,440 | ---- | M] () -- C:\Users\Marius\Documents\Parties 10.odt
[2010.04.06 14:28:09 | 000,011,325 | ---- | M] () -- C:\Users\Marius\Documents\EB Elena.odt
[2010.03.31 16:55:38 | 000,040,448 | ---- | M] () -- C:\Users\Marius\Documents\Inhaltsverzeichnis_TonArt_2010[1].doc
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.28 19:26:12 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.03.28 19:24:07 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2010.04.21 15:02:53 | 3079,262,208 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.21 14:59:21 | 000,001,880 | ---- | C] () -- C:\Users\Marius\Desktop\test.com.lnk
[2010.04.18 19:18:11 | 000,163,328 | ---- | C] () -- C:\Windows\Ivyzaa.exe
[2010.04.18 19:18:08 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.18 19:18:05 | 000,000,248 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.04.18 15:58:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.04.18 15:58:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.04.06 14:28:08 | 000,011,325 | ---- | C] () -- C:\Users\Marius\Documents\EB Elena.odt
[2010.04.01 12:56:16 | 000,011,269 | ---- | C] () -- C:\Users\Marius\Desktop\Termine.odt
[2010.03.31 16:55:37 | 000,040,448 | ---- | C] () -- C:\Users\Marius\Documents\Inhaltsverzeichnis_TonArt_2010[1].doc
[2010.03.28 19:26:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.28 19:24:07 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.02.28 19:13:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Mswinmask32.dll
[2010.02.24 23:47:33 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\wCoojU.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\uJvAs.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\TQPgbKfQY.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\rAxvgyID.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\drivers\oNiowTd.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\drivers\oKoCnB.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\obaxabwbS.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\drivers\nagMy.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\KevUteTym.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\jlKncRSgO.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\hrOTB.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\FWnTxB.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\FfbPtM.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\ENsnkPl.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\CIaupFNS.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\AjDmNPw.dll
[2010.02.21 12:41:40 | 001,639,424 | ---- | C] () -- C:\Windows\System32\aFbsPCkCr.dll
[2009.12.20 18:21:32 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.10.31 16:52:38 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.02.09 22:00:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.09 21:22:54 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.10.10 15:12:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.04.25 15:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 04:24:46 | 000,136,815 | ---- | C] () -- C:\Windows\uGvBAFp.dll
[2008.01.21 04:24:42 | 000,128,111 | ---- | C] () -- C:\Windows\System32\drivers\GsxqiLb.dll
[2008.01.21 04:24:27 | 000,799,343 | ---- | C] () -- C:\Windows\System32\vTQRss.dll
[2008.01.21 04:23:54 | 000,076,911 | ---- | C] () -- C:\Windows\kqEXvljr.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:11:39 | 000,002,671 | ---- | C] () -- C:\Windows\BtkHrn.dll
[2004.08.09 09:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2004.06.02 09:41:14 | 000,039,936 | ---- | C] () -- C:\Windows\System32\dwlGina2.dll
[2004.04.06 23:16:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PVAdoCtl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 889 bytes -> C:\Users\Marius\Documents\Guitar Pro 5_ License and instructions.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Marius\Desktop\CIMG2816.AVI:TOC.WMV
< End of report >

jejapalli · 23.04.2010, 13:47

...und hier der 2. Log, Datei Extras.txt:

OTL Extras logfile created on: 22.04.2010 22:15:13 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Marius\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = xefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FD623B-9A8B-4A8A-BEAE-653B70B872FB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16CE7A75-C1BA-42F1-8D79-59896ED45E63}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4D7DEEE6-EC53-4D5E-9B8A-85CBF104155C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6B5C350E-637A-4E9C-9169-2430AC1D9FBD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{85923BD0-C32E-40FD-AEB9-AEEB67FF9C08}" = lport=2869 | protocol=6 | dir=in | app=system |
"{86EEE681-A0AB-428B-B415-FCD0712E4464}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4731F67-7EDE-497C-82E7-A5D523349742}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D710717F-FE06-4F60-BED3-78790F6B3866}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D8BA4B7C-F06E-437F-9C6C-77353783EEB0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FFE1E641-BAB4-4E19-B8BD-E2BEC9EA685D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05ABA015-BA1F-4C7F-B175-57ED4C6B208E}" = protocol=17 | dir=in | app=c:\program files\webcam 7\wlite.exe |
"{2C2670F9-ED50-42D9-B891-EBB1184D8089}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2DABE7D4-4D89-4CCA-9E8B-99205EA92EA5}" = protocol=6 | dir=in | app=c:\program files\webcam 7\wservice.exe |
"{32561091-7A0B-4CDD-8BCD-7062B73D1772}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{369B269E-1D65-4B24-B364-362C63ACEAFB}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{48049245-7B91-4583-83F2-DB3281DD2234}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4F394830-7620-4C1D-943A-2BF145485F29}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58156763-910E-4031-9502-B5F45FB4616B}" = protocol=17 | dir=in | app=c:\program files\webcam 7\wservice.exe |
"{5BF92C33-701B-4F97-8202-9D232C5C841D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62506E2D-9259-4805-BB78-6840F2F3D5DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75054E42-8EAE-4306-8F45-F106B0860D67}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7C828BAF-72EA-46A1-B995-D27C15AE6F5B}" = protocol=6 | dir=in | app=c:\program files\abelcam\abelcam.exe |
"{927E5400-8651-448D-8885-CE5055D58505}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9E585A28-A6E6-43DE-A1DE-B9A8D3683627}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A0BAD5C1-C3A7-43F8-98E5-DF735F21F2C5}" = protocol=17 | dir=in | app=c:\program files\abelcam\abelcam.exe |
"{A75120F8-470B-4056-9B9E-0B9DD424EF1D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AE653943-9741-44F8-AFD8-2EC30CFC3B7C}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{CAF59184-F739-41D9-A3E6-517F4C5C0A2E}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{E72D52C6-C345-4D00-B648-2ADC5C19C2B1}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{EDD2F28A-E5B2-4E7C-914F-8409D36F1490}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F3C80B59-DCA8-4C5F-86E8-483B495462E2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{FAB0FD31-790D-428F-BB30-59432E563AA8}" = protocol=6 | dir=in | app=c:\program files\webcam 7\wlite.exe |
"TCP Query User{07B77FE6-2B40-4CC4-801F-3A8C0C321311}C:\users\marius\desktop\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\marius\desktop\ipcurve\ipcurve.exe |
"TCP Query User{1F147715-50EB-48FE-89EF-7E6092A93FC6}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{2E08D9C7-B7A0-4990-A7F2-13A5FEB33575}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{389FCAD2-527B-428D-8945-0A6AF5AB2E13}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"TCP Query User{689CBE03-C3E5-462E-8804-468BC2B16DA3}C:\program files\webcam\webcam123\wsrv.exe" = protocol=6 | dir=in | app=c:\program files\webcam\webcam123\wsrv.exe |
"TCP Query User{81DBB58C-B32B-4876-A800-D6E6B4A4C105}C:\program files\ipcurve\achtung, die kurve.exe" = protocol=6 | dir=in | app=c:\program files\ipcurve\achtung, die kurve.exe |
"TCP Query User{C87CC01C-9265-4EB2-957F-3CBDF82E8022}C:\program files\webcam\webcam123\webcam.exe" = protocol=6 | dir=in | app=c:\program files\webcam\webcam123\webcam.exe |
"TCP Query User{D2148BD0-B056-4688-AB85-032C10C17D35}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{D3832F4A-22D4-4E63-9E7A-C9B7EC5E2920}C:\users\marius\downloads\racer\racer.exe" = protocol=6 | dir=in | app=c:\users\marius\downloads\racer\racer.exe |
"TCP Query User{E93AF556-6F9E-47EC-9A58-A0CBA9E933A3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{63989EB8-CA9A-49A1-BAC0-FD484FB1C955}C:\users\marius\downloads\racer\racer.exe" = protocol=17 | dir=in | app=c:\users\marius\downloads\racer\racer.exe |
"UDP Query User{673F18C8-0C09-4878-AFE8-D3F6AB3555E3}C:\users\marius\desktop\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\marius\desktop\ipcurve\ipcurve.exe |
"UDP Query User{6D13C780-FF93-4EDE-BB36-6C9C468CA0CF}C:\program files\webcam\webcam123\webcam.exe" = protocol=17 | dir=in | app=c:\program files\webcam\webcam123\webcam.exe |
"UDP Query User{9CF2EAC1-3280-4A52-B262-119AE647AF4C}C:\program files\webcam\webcam123\wsrv.exe" = protocol=17 | dir=in | app=c:\program files\webcam\webcam123\wsrv.exe |
"UDP Query User{CA521FBB-E49F-45DE-9DF3-03EEEC889E74}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{DD92D103-01E6-42B7-9C1D-EBF10FA58A98}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{DEAAA894-ADB9-45D5-8BA0-372C12EBB2B0}C:\program files\ipcurve\achtung, die kurve.exe" = protocol=17 | dir=in | app=c:\program files\ipcurve\achtung, die kurve.exe |
"UDP Query User{EA88F47C-2E56-4D73-A734-C139CD287FAB}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"UDP Query User{EB9F09BB-BF53-4A14-8A5B-F145B672BB46}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{FBEFE5C2-4C0F-499C-801F-3352300B2140}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.8.2
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD56EEBC-16A0-4F8F-A1E0-88FE307485ED}" = Sven Oster-Edition
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"{EB955EB6-8694-4739-9454-BE3A341A628B}" = AbelCam
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CTS2" = Catch the Sperm II
"desktask" = DeskTask (remove only)
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 4.2
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Picasa2" = Picasa 2
"PokerStars.net" = PokerStars.net
"RolandRDID0104" = ME-25-Treiber
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"VLC media player" = VLC media player 1.0.2
"Webcam 1-2-3" = Webcam 1-2-3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.04.2010 08:58:13 | Computer Name = Marius-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.04.2010 09:03:42 | Computer Name = Marius-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 21.04.2010 09:03:42 | Computer Name = Marius-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 21.04.2010 09:04:42 | Computer Name = Marius-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.04.2010 09:13:04 | Computer Name = Marius-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 21.04.2010 09:13:04 | Computer Name = Marius-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 21.04.2010 09:13:08 | Computer Name = Marius-PC | Source = WinMgmt | ID = 10
Description =

Error - 22.04.2010 08:42:52 | Computer Name = Marius-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.04.2010 08:42:52 | Computer Name = Marius-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.04.2010 08:42:57 | Computer Name = Marius-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15.05.2009 08:42:51 | Computer Name = Marius-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 15.05.2009 08:44:45 | Computer Name = Marius-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.35 für die Netzwerkkarte mit der Netzwerkadresse
00225F413159 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 15.05.2009 10:49:11 | Computer Name = Marius-PC | Source = HTTP | ID = 15016
Description =

Error - 16.05.2009 03:27:38 | Computer Name = Marius-PC | Source = HTTP | ID = 15016
Description =

Error - 16.05.2009 06:00:38 | Computer Name = Marius-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 16.05.2009 06:00:55 | Computer Name = Marius-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.35 für die Netzwerkkarte mit der Netzwerkadresse
00225F413159 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 16.05.2009 14:30:55 | Computer Name = Marius-PC | Source = HTTP | ID = 15016
Description =

Error - 17.05.2009 03:20:20 | Computer Name = Marius-PC | Source = HTTP | ID = 15016
Description =

Error - 17.05.2009 03:21:46 | Computer Name = Marius-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.35 für die Netzwerkkarte mit der Netzwerkadresse
00225F413159 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 17.05.2009 11:50:28 | Computer Name = Marius-PC | Source = HTTP | ID = 15016
Description =

< End of report >

cosinus · 23.04.2010, 14:37

Starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
PRC - C:\Users\Marius\AppData\Local\Temp\Icx.exe ()
PRC - C:\Windows\Ivyzaa.exe ()
PRC - C:\Windows\System32\MPK\MPK.exe ()
PRC - C:\Windows\System32\winadm.exe (Müller)
PRC - C:\Windows\System32\winadmd.exe (-)
O4 - HKCU..\Run: [{87C9D88F-FF1A-8564-C4AF-86C7B6719F7F}] C:\Users\Marius\AppData\Roaming\winupd.exe File not found
O4 - HKCU..\Run: [Windows Update] C:\Users\Marius\AppData\Roaming\winupd.exe File not found
O4 - HKCU..\Run: [winlog.exe] C:\Users\Marius\AppData\Roaming\Microsoft\winlog.exe File not found
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\Marius\AppData\Local\Temp\Icx.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.202,85.255.112.190
O20 - AppInit_DLLs: (aFbsPCkCr.dll) - C:\Windows\System32\aFbsPCkCr.dll ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\MPK\MPK.exe) - C:\Windows\System32\MPK\MPK.exe ()
[2010.04.22 22:09:02 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.18 19:18:11 | 000,163,328 | ---- | C] () -- C:\Windows\Ivyzaa.exe
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\wCoojU.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\uJvAs.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\TQPgbKfQY.dll
[2010.02.28 19:13:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Mswinmask32.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\rAxvgyID.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\drivers\oNiowTd.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\drivers\oKoCnB.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\obaxabwbS.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\drivers\nagMy.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\KevUteTym.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\jlKncRSgO.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\hrOTB.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\FWnTxB.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\FfbPtM.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\ENsnkPl.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\System32\CIaupFNS.dll
[2010.02.21 12:41:40 | 001,640,047 | ---- | C] () -- C:\Windows\AjDmNPw.dll
[2010.02.21 12:41:40 | 001,639,424 | ---- | C] () -- C:\Windows\System32\aFbsPCkCr.dll
[2008.01.21 04:24:46 | 000,136,815 | ---- | C] () -- C:\Windows\uGvBAFp.dll
[2008.01.21 04:24:42 | 000,128,111 | ---- | C] () -- C:\Windows\System32\drivers\GsxqiLb.dll
[2008.01.21 04:24:27 | 000,799,343 | ---- | C] () -- C:\Windows\System32\vTQRss.dll
[2008.01.21 04:23:54 | 000,076,911 | ---- | C] () -- C:\Windows\kqEXvljr.dll
:Commands
[resethosts]
[emptytemp]

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte.

jejapalli · 23.04.2010, 22:22

Hi,

hier der Log:

All processes killed
========== OTL ==========
No active process named Icx.exe was found!
No active process named Ivyzaa.exe was found!
No active process named MPK.exe was found!
No active process named winadm.exe was found!
No active process named winadmd.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{87C9D88F-FF1A-8564-C4AF-86C7B6719F7F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87C9D88F-FF1A-8564-C4AF-86C7B6719F7F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\winlog.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YVIBBBHA8C deleted successfully.
C:\Users\Marius\AppData\Local\Temp\Icx.exe moved successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:aFbsPCkCr.dll deleted successfully.
C:\Windows\System32\aFbsPCkCr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\MPK\MPK.exe deleted successfully.
C:\Windows\System32\MPK\MPK.exe moved successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\Windows\Ivyzaa.exe moved successfully.
C:\Windows\System32\wCoojU.dll moved successfully.
C:\Windows\System32\uJvAs.dll moved successfully.
C:\Windows\System32\TQPgbKfQY.dll moved successfully.
C:\Windows\System32\Mswinmask32.dll moved successfully.
C:\Windows\rAxvgyID.dll moved successfully.
C:\Windows\System32\drivers\oNiowTd.dll moved successfully.
C:\Windows\System32\drivers\oKoCnB.dll moved successfully.
C:\Windows\System32\obaxabwbS.dll moved successfully.
C:\Windows\System32\drivers\nagMy.dll moved successfully.
C:\Windows\System32\KevUteTym.dll moved successfully.
C:\Windows\System32\jlKncRSgO.dll moved successfully.
C:\Windows\hrOTB.dll moved successfully.
C:\Windows\System32\FWnTxB.dll moved successfully.
C:\Windows\FfbPtM.dll moved successfully.
C:\Windows\System32\ENsnkPl.dll moved successfully.
C:\Windows\System32\CIaupFNS.dll moved successfully.
C:\Windows\AjDmNPw.dll moved successfully.
File C:\Windows\System32\aFbsPCkCr.dll not found.
C:\Windows\uGvBAFp.dll moved successfully.
C:\Windows\System32\drivers\GsxqiLb.dll moved successfully.
C:\Windows\System32\vTQRss.dll moved successfully.
C:\Windows\kqEXvljr.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marius
->Temp folder emptied: 4645091876 bytes
->Temporary Internet Files folder emptied: 317663581 bytes
->Java cache emptied: 61751918 bytes
->FireFox cache emptied: 82063038 bytes
->Flash cache emptied: 1986981 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11872445 bytes
RecycleBin emptied: 1265199499 bytes

Total Files Cleaned = 6.090,00 mb

OTL by OldTimer - Version 3.2.2.0 log created on 04232010_231359

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 24.04.2010, 15:24

Kannst Du jetzt Malwarebytes starten? Falls das wieder nicht klappt => http://www.trojaner-board.de/82699-m...tet-nicht.html
Denk dann an die Signaturen (Malwarebytes aktualisieren) und an den Vollscan.

jejapalli · 24.04.2010, 17:55

Nein, Malwarebytes funktioniert immer noch nicht.

Wenn ich mbam-setup.exe und mbam.exe umbennene, bekomme ich beim öffnen von "mbam-setup.com" immer folgende Fehlermeldung:
ShellExecuteEx schlug fehl; Code 1155
Der angegebenen Datei ist keine Anwendung zugeordnet."

cosinus · 24.04.2010, 19:53

Nagut, dann mach bitte nen Durchgang mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

jejapalli · 24.04.2010, 22:25

Hi,

ich habe ComboFix nach deiner Anleitung installiert und es hat sich auch ein Fenster geöffnet, aber es sah komplett anders aus als in der Beschreibung.
Einfach nur ein blaues Fenster, das dann einen Log erstellt hat (nachdem der Computer vom Programm 2 mal neugestartet wurde.).

Jetzt habe ich folgendes Problem:
Will ich Firefox oder ein beliebiges Programm öffnen, kommt diese Fehlermeldung: "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde."
Wenn ich Firefox als Administrator ausführe gibts keine Probleme.

Hier der 1. Teil des Logfiles (ich teils den Log auf, sonst wäre der Text zu lang:
ComboFix 10-04-21.01 - Marius 24.04.2010 22:13:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2936.2256 [GMT 2:00]
ausgeführt von:: c:\users\Marius\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2144284424-992376035-2959155835-500
c:\programdata\MPK
c:\programdata\MPK\1\D0000
c:\programdata\MPK\1\I40245_7022080440
c:\programdata\MPK\1\I40245_7056801273
c:\programdata\MPK\1\I40245_7091523032
c:\programdata\MPK\1\I40245_7126243171
c:\programdata\MPK\1\I40245_7160964583
c:\programdata\MPK\1\I40245_7195684954
c:\programdata\MPK\1\I40245_7230406481
c:\programdata\MPK\1\I40245_7265126968
c:\programdata\MPK\1\I40245_7299847917
c:\programdata\MPK\1\I40245_7334568518
c:\programdata\MPK\1\I40245_7369290162
c:\programdata\MPK\1\I40245_7404010417
c:\programdata\MPK\1\I40245_7438731366
c:\programdata\MPK\1\I40245_7473452199
c:\programdata\MPK\1\I40245_8423286574
c:\programdata\MPK\1\I40245_8458007870
c:\programdata\MPK\1\I40245_8492728357
c:\programdata\MPK\1\I40245_8527449653
c:\programdata\MPK\1\I40245_8562170949
c:\programdata\MPK\1\I40245_8596891551
c:\programdata\MPK\1\I40245_8675065394
c:\programdata\MPK\1\I40245_8711285069
c:\programdata\MPK\1\I40245_8746005440
c:\programdata\MPK\1\I40245_8780726042
c:\programdata\MPK\1\I40245_8815447106
c:\programdata\MPK\1\I40245_8850167593
c:\programdata\MPK\1\I40245_8884889005
c:\programdata\MPK\1\I40245_8919610417
c:\programdata\MPK\1\I40245_8954330324
c:\programdata\MPK\1\I40245_8989051620
c:\programdata\MPK\1\I40245_9023772222
c:\programdata\MPK\1\I40245_9058494213
c:\programdata\MPK\1\I40245_9093215046
c:\programdata\MPK\1\I40245_9127935417
c:\programdata\MPK\1\I40245_9162657639
c:\programdata\MPK\1\I40245_9197378356
c:\programdata\MPK\1\I40245_9266819560
c:\programdata\MPK\1\I40247_0023760069
c:\programdata\MPK\1\I40247_0077490162
c:\programdata\MPK\1\I40247_0112556944
c:\programdata\MPK\1\I40247_0147277546
c:\programdata\MPK\1\I40247_0181998495
c:\programdata\MPK\1\I40247_0216718981
c:\programdata\MPK\1\I40247_6076857292
c:\programdata\MPK\1\I40247_6111577662
c:\programdata\MPK\1\I40247_6146299190
c:\programdata\MPK\1\I40247_6181019676
c:\programdata\MPK\1\I40247_6215740856
c:\programdata\MPK\1\I40247_6250461227
c:\programdata\MPK\1\I40247_6285183102
c:\programdata\MPK\1\I40247_6319904051
c:\programdata\MPK\1\I40247_6354624306
c:\programdata\MPK\1\I40247_6389344907
c:\programdata\MPK\1\I40247_6424066319
c:\programdata\MPK\1\I40247_6482235532
c:\programdata\MPK\1\I40247_6518199421
c:\programdata\MPK\1\I40247_6552918981
c:\programdata\MPK\1\I40247_6587641204
c:\programdata\MPK\1\I40247_6622367824
c:\programdata\MPK\1\I40247_6961574074
c:\programdata\MPK\1\I40247_6996301157
c:\programdata\MPK\1\I40247_7031023843
c:\programdata\MPK\1\I40247_7065746412
c:\programdata\MPK\1\I40247_7100464236
c:\programdata\MPK\1\I40247_7135185532
c:\programdata\MPK\1\I40247_7169906019
c:\programdata\MPK\1\I40247_7204627083
c:\programdata\MPK\1\I40247_7239348611
c:\programdata\MPK\1\I40247_7274068981
c:\programdata\MPK\1\I40247_7541536806
c:\programdata\MPK\1\I40247_7576258102
c:\programdata\MPK\1\I40247_7610978472
c:\programdata\MPK\1\I40247_7645699884
c:\programdata\MPK\1\I40247_7680420255
c:\programdata\MPK\1\I40247_7715141551
c:\programdata\MPK\1\I40247_7749862153
c:\programdata\MPK\1\I40247_7784583565
c:\programdata\MPK\1\I40247_7819303819
c:\programdata\MPK\1\I40247_7854025000
c:\programdata\MPK\1\I40247_7888746412
c:\programdata\MPK\1\I40247_7923466782
c:\programdata\MPK\1\I40247_7958187269
c:\programdata\MPK\1\I40247_7992908681
c:\programdata\MPK\1\I40247_8027629051
c:\programdata\MPK\1\I40247_8062350231
c:\programdata\MPK\1\I40247_8097070718
c:\programdata\MPK\1\I40247_8131792130
c:\programdata\MPK\1\I40247_8166512500
c:\programdata\MPK\1\I40247_8201233796
c:\programdata\MPK\1\I40247_8235954167
c:\programdata\MPK\1\I40247_8298209259
c:\programdata\MPK\1\I40247_8334435764
c:\programdata\MPK\1\I40247_8369157176
c:\programdata\MPK\1\I40247_8403878472
c:\programdata\MPK\1\I40247_8626661111
c:\programdata\MPK\1\I40247_8674133565
c:\programdata\MPK\1\I40247_8709216204
c:\programdata\MPK\1\I40247_8743936574
c:\programdata\MPK\1\I40247_8778657639
c:\programdata\MPK\1\I40247_8813378125
c:\programdata\MPK\1\I40247_8848099190
c:\programdata\MPK\1\I40247_8882820486
c:\programdata\MPK\1\I40247_8917542130
c:\programdata\MPK\1\I40247_8952262616
c:\programdata\MPK\1\I40247_9056424768
c:\programdata\MPK\1\I40247_9091146065
c:\programdata\MPK\1\I40248_6455982870
c:\programdata\MPK\1\I40248_6490703935
c:\programdata\MPK\1\I40248_6525424421
c:\programdata\MPK\1\I40248_6560145949
c:\programdata\MPK\1\I40248_6594866088
c:\programdata\MPK\1\I40248_6629587153
c:\programdata\MPK\1\I40248_6664308333
c:\programdata\MPK\1\I40248_6699028935
c:\programdata\MPK\1\I40248_6733750463
c:\programdata\MPK\1\I40248_6768471181
c:\programdata\MPK\1\I40248_6803192477
c:\programdata\MPK\1\I40248_6837912847
c:\programdata\MPK\1\I40248_6872633681
c:\programdata\MPK\1\I40248_6907354282
c:\programdata\MPK\1\I40248_6942075694
c:\programdata\MPK\1\I40248_7018114468
c:\programdata\MPK\1\I40248_7060051620
c:\programdata\MPK\1\I40248_7094772569
c:\programdata\MPK\1\I40248_7129492940
c:\programdata\MPK\1\I40248_7164214352
c:\programdata\MPK\1\I40248_7198935185
c:\programdata\MPK\1\I40248_7233655556
c:\programdata\MPK\1\I40248_7268376389
c:\programdata\MPK\1\I40248_7303098264
c:\programdata\MPK\1\I40248_7337818171
c:\programdata\MPK\1\I40248_7404803241
c:\programdata\MPK\1\I40248_7439998611
c:\programdata\MPK\1\I40248_7474720949
c:\programdata\MPK\1\I40248_7509440856
c:\programdata\MPK\1\I40248_7544161343
c:\programdata\MPK\1\I40248_7578882639
c:\programdata\MPK\1\I40248_8908957870
c:\programdata\MPK\1\I40248_8943679514
c:\programdata\MPK\1\I40248_8978399884
c:\programdata\MPK\1\I40248_9013120602
c:\programdata\MPK\1\I40248_9047841551
c:\programdata\MPK\1\I40248_9082562963
c:\programdata\MPK\1\I40248_9117283449
c:\programdata\MPK\1\I40248_9152004745
c:\programdata\MPK\1\I40248_9186725116
c:\programdata\MPK\1\I40248_9221446528
c:\programdata\MPK\1\I40248_9325608565
c:\programdata\MPK\1\I40249_6947309838
c:\programdata\MPK\1\I40249_6982021643
c:\programdata\MPK\1\I40249_7016742014
c:\programdata\MPK\1\I40249_7051463657
c:\programdata\MPK\1\I40249_7086183796
c:\programdata\MPK\1\I40249_7120904745
c:\programdata\MPK\1\I40249_7155625579
c:\programdata\MPK\1\I40249_7190346412
c:\programdata\MPK\1\I40249_7225067708
c:\programdata\MPK\1\I40249_7259788426
c:\programdata\MPK\1\I40249_7294509144
c:\programdata\MPK\1\I40249_7329230093
c:\programdata\MPK\1\I40249_7363950926
c:\programdata\MPK\1\I40249_7398672107
c:\programdata\MPK\1\I40249_7433392593
c:\programdata\MPK\1\I40249_7468114468
c:\programdata\MPK\1\I40249_7502834375
c:\programdata\MPK\1\I40249_7537555903
c:\programdata\MPK\1\I40249_7572276273
c:\programdata\MPK\1\I40249_7606997685
c:\programdata\MPK\1\I40249_7641718287
c:\programdata\MPK\1\I40249_7979682523
c:\programdata\MPK\1\I40249_8014402431
c:\programdata\MPK\1\I40249_9819810301
c:\programdata\MPK\1\I40249_9875292940
c:\programdata\MPK\1\I40249_9911492824
c:\programdata\MPK\1\I40249_9946213310
c:\programdata\MPK\1\I40250_3959649306
c:\programdata\MPK\1\I40250_3994370023
c:\programdata\MPK\1\I40250_4029091551
c:\programdata\MPK\1\I40250_5029441204
c:\programdata\MPK\1\I40250_5064162616
c:\programdata\MPK\1\I40250_5098883102
c:\programdata\MPK\1\I40250_5133604398
c:\programdata\MPK\1\I40250_5168326620
c:\programdata\MPK\1\I40250_5203047106
c:\programdata\MPK\1\I40250_5500413194
c:\programdata\MPK\1\I40250_5535134259
c:\programdata\MPK\1\I40250_5569854745
c:\programdata\MPK\1\I40250_5709907523
c:\programdata\MPK\1\I40250_5744629282
c:\programdata\MPK\1\I40250_5779349768
c:\programdata\MPK\1\I40250_5814070833
c:\programdata\MPK\1\I40250_5848791435
c:\programdata\MPK\1\I40250_5883512153
c:\programdata\MPK\1\I40250_5918233681
c:\programdata\MPK\1\I40250_5952954051
c:\programdata\MPK\1\I40250_5987674653
c:\programdata\MPK\1\I40250_6022395718
c:\programdata\MPK\1\I40250_6057116204
c:\programdata\MPK\1\I40250_6113535880
c:\programdata\MPK\1\I40250_6148257292
c:\programdata\MPK\1\I40250_6182977662
c:\programdata\MPK\1\I40250_6217699421
c:\programdata\MPK\1\I40250_6252419676
c:\programdata\MPK\1\I40250_6287140278
c:\programdata\MPK\1\I40250_6321861806
c:\programdata\MPK\1\I40250_6356582176
c:\programdata\MPK\1\I40250_6391302894
c:\programdata\MPK\1\I40250_6426024190
c:\programdata\MPK\1\I40250_6460744907
c:\programdata\MPK\1\I40250_6495465394
c:\programdata\MPK\1\I40250_6530217014
c:\programdata\MPK\1\I40250_6564907639
c:\programdata\MPK\1\I40250_6599628125
c:\programdata\MPK\1\I40250_6634349421
c:\programdata\MPK\1\I40250_6669070023
c:\programdata\MPK\1\I40250_6703790741
c:\programdata\MPK\1\I40250_6738520833
c:\programdata\MPK\1\I40250_6773232986
c:\programdata\MPK\1\I40250_6807954167
c:\programdata\MPK\1\I40250_6842674306
c:\programdata\MPK\1\I40250_6877395486
c:\programdata\MPK\1\I40250_6912116782
c:\programdata\MPK\1\I40250_6946837037
c:\programdata\MPK\1\I40250_8000884491
c:\programdata\MPK\1\I40250_8035604977
c:\programdata\MPK\1\I40250_8070326389
c:\programdata\MPK\1\I40250_8355201273
c:\programdata\MPK\1\I40250_8389903009
c:\programdata\MPK\1\I40250_8424623727
c:\programdata\MPK\1\I40250_8459345023
c:\programdata\MPK\1\I40251_4980855787
c:\programdata\MPK\1\I40251_5038035069
c:\programdata\MPK\1\I40251_5074047917
c:\programdata\MPK\1\I40251_5108769097
c:\programdata\MPK\1\I40251_5143490509
c:\programdata\MPK\1\I40251_5178211111
c:\programdata\MPK\1\I40251_5212931366
c:\programdata\MPK\1\I40251_5247665741
c:\programdata\MPK\1\I40251_5641246065
c:\programdata\MPK\1\I40251_5675966435
c:\programdata\MPK\1\I40251_5710835995
c:\programdata\MPK\1\I40251_5745408218
c:\programdata\MPK\1\I40251_5780129745
c:\programdata\MPK\1\I40251_5814850810
c:\programdata\MPK\1\I40251_5849570718
c:\programdata\MPK\1\I40251_5884398264
c:\programdata\MPK\1\I40251_6196011690
c:\programdata\MPK\1\I40251_6230736458
c:\programdata\MPK\1\I40251_6265459144
c:\programdata\MPK\1\I40251_6300177199
c:\programdata\MPK\1\I40251_6334898843
c:\programdata\MPK\1\I40251_6369619213
c:\programdata\MPK\1\I40251_6404340393
c:\programdata\MPK\1\I40251_6439061458
c:\programdata\MPK\1\I40251_6473782060
c:\programdata\MPK\1\I40251_6508502662
c:\programdata\MPK\1\I40251_6543224074
c:\programdata\MPK\1\I40251_6577944444
c:\programdata\MPK\1\I40251_6612665741
c:\programdata\MPK\1\I40251_6647386111
c:\programdata\MPK\1\I40251_6682107176
c:\programdata\MPK\1\I40251_6716828472
c:\programdata\MPK\1\I40251_6751549884
c:\programdata\MPK\1\I40251_6786270023
c:\programdata\MPK\1\I40251_6820991667
c:\programdata\MPK\1\I40251_6855711921
c:\programdata\MPK\1\I40251_6890432407
c:\programdata\MPK\1\I40251_6925153588
c:\programdata\MPK\1\I40251_6959875000
c:\programdata\MPK\1\I40251_6994595023
c:\programdata\MPK\1\I40251_7029315741
c:\programdata\MPK\1\I40251_7064036806
c:\programdata\MPK\1\I40251_7098757755
c:\programdata\MPK\1\I40251_7133478935
c:\programdata\MPK\1\I40251_7168199537
c:\programdata\MPK\1\I40251_7202920139
c:\programdata\MPK\1\I40251_7237641551
c:\programdata\MPK\1\I40251_7272361921
c:\programdata\MPK\1\I40251_7307083333
c:\programdata\MPK\1\I40251_7341804630
c:\programdata\MPK\1\I40251_7376525579
c:\programdata\MPK\1\I40251_7411246181
c:\programdata\MPK\1\I40251_7445967361
c:\programdata\MPK\1\I40251_7480687732
c:\programdata\MPK\1\I40251_7515408565
c:\programdata\MPK\1\I40251_7550129514
c:\programdata\MPK\1\I40251_7584855440
c:\programdata\MPK\1\I40251_7619571759
c:\programdata\MPK\1\I40251_7654292130
c:\programdata\MPK\1\I40251_7689013657
c:\programdata\MPK\1\I40251_7967418981
c:\programdata\MPK\1\I40251_8002578125
c:\programdata\MPK\1\I40251_8037298495
c:\programdata\MPK\1\I40251_8072019907
c:\programdata\MPK\1\I40251_8106740509
c:\programdata\MPK\1\I40251_8141461111
c:\programdata\MPK\1\I40251_8176181597
c:\programdata\MPK\1\I40251_8210903009
c:\programdata\MPK\1\I40251_8245623380
c:\programdata\MPK\1\I40251_8280344676
c:\programdata\MPK\1\I40251_8315065278
c:\programdata\MPK\1\I40251_8349786574
c:\programdata\MPK\1\I40251_8384506829
c:\programdata\MPK\1\I40251_8419227778
c:\programdata\MPK\1\I40251_8473937731
c:\programdata\MPK\1\I40251_8508658681
c:\programdata\MPK\1\I40251_8543379630
c:\programdata\MPK\1\I40251_8578100926
c:\programdata\MPK\1\I40251_8612821644
c:\programdata\MPK\1\I40251_8647542708
c:\programdata\MPK\1\I40251_8682264120
c:\programdata\MPK\1\I40251_8716984838
c:\programdata\MPK\1\I40251_8751704861
c:\programdata\MPK\1\I40251_8786425926
c:\programdata\MPK\1\I40251_8821146759
c:\programdata\MPK\1\I40251_8855868056
c:\programdata\MPK\1\I40251_8890588889
c:\programdata\MPK\1\I40251_8925310185
c:\programdata\MPK\1\I40251_9108169676
c:\programdata\MPK\1\I40251_9318807523
c:\programdata\MPK\1\I40251_9397630903
c:\programdata\MPK\1\I40251_9434675694
c:\programdata\MPK\1\I40251_9469396296
c:\programdata\MPK\1\I40252_6304384606
c:\programdata\MPK\1\I40252_6339106134
c:\programdata\MPK\1\I40252_6373826968
c:\programdata\MPK\1\I40252_6555388542
c:\programdata\MPK\1\I40252_6590109838
c:\programdata\MPK\1\I40252_7148411458
c:\programdata\MPK\1\I40252_7183133102
c:\programdata\MPK\1\I40252_7217854167
c:\programdata\MPK\1\I40252_7252574074
c:\programdata\MPK\1\I40252_7287295255
c:\programdata\MPK\1\I40252_7322015856
c:\programdata\MPK\1\I40252_7356736921
c:\programdata\MPK\1\I40252_7391462847
c:\programdata\MPK\1\I40252_8377820370
c:\programdata\MPK\1\I40252_8452888542
c:\programdata\MPK\1\I40252_8488017824
c:\programdata\MPK\1\I40252_8708415278
c:\programdata\MPK\1\I40252_8743136111
c:\programdata\MPK\1\I40252_8777857639
c:\programdata\MPK\1\I40252_8812577894
c:\programdata\MPK\1\I40252_8847299537
c:\programdata\MPK\1\I40252_8882020023
c:\programdata\MPK\1\I40252_8916740509
c:\programdata\MPK\1\I40252_8951461921
c:\programdata\MPK\1\I40252_8986182986
c:\programdata\MPK\1\I40252_9020903588
c:\programdata\MPK\1\I40252_9055623958
c:\programdata\MPK\1\I40252_9090345139
c:\programdata\MPK\1\I40252_9125066782
c:\programdata\MPK\1\I40252_9159787153
c:\programdata\MPK\1\I40252_9194507639
c:\programdata\MPK\1\I40252_9229228704
c:\programdata\MPK\1\I40252_9263949190
c:\programdata\MPK\1\I40252_9298670718
c:\programdata\MPK\1\I40252_9333391088
c:\programdata\MPK\1\I40252_9368112153
c:\programdata\MPK\1\I40253_3023292593
c:\programdata\MPK\1\I40253_6994015625
c:\programdata\MPK\1\I40253_7028736458
c:\programdata\MPK\1\I40253_7063457639
c:\programdata\MPK\1\I40253_7098177893
c:\programdata\MPK\1\I40253_7132898611
c:\programdata\MPK\1\I40253_7167620023
c:\programdata\MPK\1\I40253_7202340856
c:\programdata\MPK\1\I40253_7237061921
c:\programdata\MPK\1\I40253_7271782060
c:\programdata\MPK\1\I40253_7306503356
c:\programdata\MPK\1\I40253_7341223843
c:\programdata\MPK\1\I40253_7375945139
c:\programdata\MPK\1\I40253_7410665741
c:\programdata\MPK\1\I40253_7445387153
c:\programdata\MPK\1\I40253_7480107870
c:\programdata\MPK\1\I40253_7514829282
c:\programdata\MPK\1\I40253_7549549537
c:\programdata\MPK\1\I40253_7584270023
c:\programdata\MPK\1\I40253_7618991319
c:\programdata\MPK\1\I40253_7653712847
c:\programdata\MPK\1\I40253_7688433449
c:\programdata\MPK\1\I40253_7723155671
c:\programdata\MPK\1\I40253_7757876157
c:\programdata\MPK\1\I40253_8145268750
c:\programdata\MPK\1\I40253_8179989236
c:\programdata\MPK\1\I40253_8576134954
c:\programdata\MPK\1\I40253_8610855440
c:\programdata\MPK\1\I40253_8645576736
c:\programdata\MPK\1\I40253_8680297222
c:\programdata\MPK\1\I40253_8715018287
c:\programdata\MPK\1\I40253_8749739005
c:\programdata\MPK\1\I40253_8784460185
c:\programdata\MPK\1\I40253_8819180671
c:\programdata\MPK\1\I40253_8853901968
c:\programdata\MPK\1\I40253_8888622569
c:\programdata\MPK\1\I40253_8923343866
c:\programdata\MPK\1\I40253_9278828935
c:\programdata\MPK\1\I40253_9313549306
c:\programdata\MPK\1\I40253_9348270139
c:\programdata\MPK\1\I40253_9382991782
c:\programdata\MPK\1\I40253_9417713079
c:\programdata\MPK\1\I40254_6099784954
c:\programdata\MPK\1\I40254_6134506713
c:\programdata\MPK\1\I40254_6169227199
c:\programdata\MPK\1\I40254_6203947801
c:\programdata\MPK\1\I40254_6238669097
c:\programdata\MPK\1\I40254_6273389931
c:\programdata\MPK\1\I40254_6308110648
c:\programdata\MPK\1\I40254_6342831481
c:\programdata\MPK\1\I40254_6377552778
c:\programdata\MPK\1\I40254_6412273148
c:\programdata\MPK\1\I40254_6446998958
c:\programdata\MPK\1\I40254_6481721528
c:\programdata\MPK\1\I40254_6516445949
c:\programdata\MPK\1\I40254_6551168634
c:\programdata\MPK\1\I40254_6585886458
c:\programdata\MPK\1\I40254_6620606829
c:\programdata\MPK\1\I40254_6655327431
c:\programdata\MPK\1\I40254_6690048495
c:\programdata\MPK\1\I40254_6724769213
c:\programdata\MPK\1\I40254_6775406829
c:\programdata\MPK\1\I40254_6811710880
c:\programdata\MPK\1\I40254_6846431134
c:\programdata\MPK\1\I40254_6881153125
c:\programdata\MPK\1\I40254_7688792593
c:\programdata\MPK\1\I40254_7723514005
c:\programdata\MPK\1\I40254_7758234491
c:\programdata\MPK\1\I40254_7792960417
c:\programdata\MPK\1\I40254_8018471991
c:\programdata\MPK\1\I40254_8053192361
c:\programdata\MPK\1\I40254_8087913310
c:\programdata\MPK\1\I40254_8122634144
c:\programdata\MPK\1\I40254_8157355787
c:\programdata\MPK\1\I40254_8192114468
c:\programdata\MPK\1\I40254_8226796528
c:\programdata\MPK\1\I40254_8261517477
c:\programdata\MPK\1\I40254_8296238310
c:\programdata\MPK\1\I40254_8330959143
c:\programdata\MPK\1\I40254_8365681134
c:\programdata\MPK\1\I40254_8400400926
c:\programdata\MPK\1\I40254_8435122106
c:\programdata\MPK\1\I40254_8469842708
c:\programdata\MPK\1\I40254_8504563657
c:\programdata\MPK\1\I40254_8539284491
c:\programdata\MPK\1\I40254_8574005556
c:\programdata\MPK\1\I40254_8644398958
c:\programdata\MPK\1\I40254_8679119213
c:\programdata\MPK\1\I40254_8713840509
c:\programdata\MPK\1\I40254_8799830671
c:\programdata\MPK\1\I40254_8834974537
c:\programdata\MPK\1\I40254_9109515625
c:\programdata\MPK\1\I40254_9144236227
c:\programdata\MPK\1\I40254_9178957523
c:\programdata\MPK\1\I40254_9213677893
c:\programdata\MPK\1\I40254_9248399190
c:\programdata\MPK\1\I40254_9283120602
c:\programdata\MPK\1\I40254_9317841782
c:\programdata\MPK\1\I40254_9352562153
c:\programdata\MPK\1\I40254_9387283565
c:\programdata\MPK\1\I40254_9422003819
c:\programdata\MPK\1\I40254_9456724769
c:\programdata\MPK\1\I40254_9491445833
c:\programdata\MPK\1\I40254_9526167014
c:\programdata\MPK\1\I40254_9560887384
c:\programdata\MPK\1\I40258_7256928704
c:\programdata\MPK\1\I40258_7291649190
c:\programdata\MPK\1\I40258_7326370486
c:\programdata\MPK\1\I40258_7361091319
c:\programdata\MPK\1\I40258_7395811806
c:\programdata\MPK\1\I40258_7430533218
c:\programdata\MPK\1\I40258_7465254051
c:\programdata\MPK\1\I40258_7499974421
c:\programdata\MPK\1\I40258_7534695718
c:\programdata\MPK\1\I40258_7569416204
c:\programdata\MPK\1\I40258_7604137731
c:\programdata\MPK\1\I40258_7638858218
c:\programdata\MPK\1\I40258_7673578704
c:\programdata\MPK\1\I40258_7708300231
c:\programdata\MPK\1\I40258_7743020486
c:\programdata\MPK\1\I40258_7914473032
c:\programdata\MPK\1\I40258_7949196412
c:\programdata\MPK\1\I40258_7983914120
c:\programdata\MPK\1\I40258_8018634954
c:\programdata\MPK\1\I40258_8053356134
c:\programdata\MPK\1\I40258_8088076620
c:\programdata\MPK\1\I40258_8122797569
c:\programdata\MPK\1\I40258_8157519213
c:\programdata\MPK\1\I40258_8192239699
c:\programdata\MPK\1\I40258_8226959954
c:\programdata\MPK\1\I40258_8261681250
c:\programdata\MPK\1\I40258_8296401620
c:\programdata\MPK\1\I40258_8331123032
c:\programdata\MPK\1\I40258_8365843519
c:\programdata\MPK\1\I40258_8400564699
c:\programdata\MPK\1\I40258_8435285880
c:\programdata\MPK\1\I40258_8469601042
c:\programdata\MPK\1\I40258_8504321528
c:\programdata\MPK\1\I40258_8539042245
c:\programdata\MPK\1\I40258_8573763079
c:\programdata\MPK\1\I40258_8608484491
c:\programdata\MPK\1\I40258_8643205093
c:\programdata\MPK\1\I40258_8677926273
c:\programdata\MPK\1\I40258_8712646759
c:\programdata\MPK\1\I40258_8747368056
c:\programdata\MPK\1\I40258_8782088426
c:\programdata\MPK\1\I40258_8816809838
c:\programdata\MPK\1\I40258_8851530093
c:\programdata\MPK\1\I40258_8886252199
c:\programdata\MPK\1\I40258_8920972338
c:\programdata\MPK\1\I40259_6326967940
c:\programdata\MPK\1\I40259_6361689236
c:\programdata\MPK\1\I40259_6396409606
c:\programdata\MPK\1\I40259_6431132176
c:\programdata\MPK\1\I40259_6516614005
c:\programdata\MPK\1\I40259_6551854514
c:\programdata\MPK\1\I40259_6586575694
c:\programdata\MPK\1\I40259_6621296875
c:\programdata\MPK\1\I40259_6656016898
c:\programdata\MPK\1\I40259_6690738194
c:\programdata\MPK\1\I40259_6725459606
c:\programdata\MPK\1\I40259_6760179977
c:\programdata\MPK\1\I40259_6794900347
c:\programdata\MPK\1\I40259_6829621643
c:\programdata\MPK\1\I40259_6864342593
c:\programdata\MPK\1\I40259_6899063657
c:\programdata\MPK\1\I40259_6933783912
c:\programdata\MPK\1\I40259_7751563079
c:\programdata\MPK\1\I40259_7786284375
c:\programdata\MPK\1\I40259_7821004745
c:\programdata\MPK\1\I40259_7855725694
c:\programdata\MPK\1\I40259_7890446528
c:\programdata\MPK\1\I40259_7925172685
c:\programdata\MPK\1\I40259_7959888889
c:\programdata\MPK\1\I40259_7994609259
c:\programdata\MPK\1\I40259_8029330093
c:\programdata\MPK\1\I40259_8314864583
c:\programdata\MPK\1\I40259_8349585417
c:\programdata\MPK\1\I40259_8384307292
c:\programdata\MPK\1\I40259_8419027199
c:\programdata\MPK\1\I40259_8453748148
c:\programdata\MPK\1\I40259_8488468866
c:\programdata\MPK\1\I40259_8523190278
c:\programdata\MPK\1\I40259_8557910648
c:\programdata\MPK\1\I40259_8592632060
c:\programdata\MPK\1\I40259_8627352431
c:\programdata\MPK\1\I40259_8662073843
c:\programdata\MPK\1\I40259_8696794097
c:\programdata\MPK\1\I40259_8731516204
c:\programdata\MPK\1\I40259_8766237037
c:\programdata\MPK\1\I40259_8907182523
c:\programdata\MPK\1\I40259_8974278472
c:\programdata\MPK\1\I40259_9008996065
c:\programdata\MPK\1\I40259_9043716204
c:\programdata\MPK\1\I40260_7063308912
c:\programdata\MPK\1\I40260_7098030671
c:\programdata\MPK\1\I40260_7132750579
c:\programdata\MPK\1\I40260_7167471528
c:\programdata\MPK\1\I40260_7202192593
c:\programdata\MPK\1\I40260_7212820718
c:\programdata\MPK\1\I40260_7236913889
c:\programdata\MPK\1\I40260_7271634144
c:\programdata\MPK\1\I40260_7306355556
c:\programdata\MPK\1\I40260_7341076968
c:\programdata\MPK\1\I40260_7375797338
c:\programdata\MPK\1\I40260_7410517940
c:\programdata\MPK\1\I40260_7445239236
c:\programdata\MPK\1\I40260_7479959606
c:\programdata\MPK\1\I40260_7514680903
c:\programdata\MPK\1\I40260_7549401273
c:\programdata\MPK\1\I40260_7584122106
c:\programdata\MPK\1\I40260_7618842940
c:\programdata\MPK\1\I40260_7653564236
c:\programdata\MPK\1\I40260_7688285301
c:\programdata\MPK\1\I40260_7839161343
c:\programdata\MPK\1\I40260_7873920602
c:\programdata\MPK\1\I40260_7908603472
c:\programdata\MPK\1\I40260_7943330208
c:\programdata\MPK\1\I40260_7978052083
c:\programdata\MPK\1\I40260_8028879051
c:\programdata\MPK\1\I40260_8065157523
c:\programdata\MPK\1\I40260_8101679051
c:\programdata\MPK\1\I40260_8139344329
c:\programdata\MPK\1\I40260_8174064699
c:\programdata\MPK\1\I40260_8208785648
c:\programdata\MPK\1\I40260_8243506944
c:\programdata\MPK\1\I40260_8278227315
c:\programdata\MPK\1\I40260_8312948495
c:\programdata\MPK\1\I40260_8347669560
c:\programdata\MPK\1\I40260_8382390046
c:\programdata\MPK\1\I40260_8417110995
c:\programdata\MPK\1\I40260_8451831713
c:\programdata\MPK\1\I40260_8486553241
c:\programdata\MPK\1\I40260_8547860417
c:\programdata\MPK\1\I40260_8583824537
c:\programdata\MPK\1\I40260_8618545023
c:\programdata\MPK\1\I40260_8653266667
c:\programdata\MPK\1\I40260_8687986806
c:\programdata\MPK\1\I40260_9005065972
c:\programdata\MPK\1\I40260_9039787268
c:\programdata\MPK\1\I40260_9074507755
c:\programdata\MPK\1\I40260_9109229398
c:\programdata\MPK\1\I40260_9143949769
c:\programdata\MPK\1\I40260_9213391319
c:\programdata\MPK\1\I40261_6299759838
c:\programdata\MPK\1\I40261_6334481481
c:\programdata\MPK\1\I40261_6369213542
c:\programdata\MPK\1\I40261_6403927778
c:\programdata\MPK\1\I40261_6438651736
c:\programdata\MPK\1\I40261_6473374421
c:\programdata\MPK\1\I40261_6652429861
c:\programdata\MPK\1\I40261_6687151273
c:\programdata\MPK\1\I40261_6721871759
c:\programdata\MPK\1\I40261_6756596991
c:\programdata\MPK\1\I40261_6791313426
c:\programdata\MPK\1\I40261_6826034259
c:\programdata\MPK\1\I40261_6860756250
c:\programdata\MPK\1\I40261_6895476505
c:\programdata\MPK\1\I40261_6930197106
c:\programdata\MPK\1\I40261_6964918518
c:\programdata\MPK\1\I40261_7000768981
c:\programdata\MPK\1\I40261_7034861227
c:\programdata\MPK\1\I40261_7069088310
c:\programdata\MPK\1\I40261_7104270023
c:\programdata\MPK\1\I40261_7138526736
c:\programdata\MPK\1\I40261_7173247338
c:\programdata\MPK\1\I40261_7207968518
c:\programdata\MPK\1\I40261_7242689236
c:\programdata\MPK\1\I40261_7277410069
c:\programdata\MPK\1\I40261_7312130671
c:\programdata\MPK\1\I40261_7346852199
c:\programdata\MPK\1\I40261_7381572338
c:\programdata\MPK\1\I40261_7416293634
c:\programdata\MPK\1\I40261_7451014120
c:\programdata\MPK\1\I40261_7485735648
c:\programdata\MPK\1\I40261_7520455903
c:\programdata\MPK\1\I40261_7555177778
c:\programdata\MPK\1\I40261_7589897569
c:\programdata\MPK\1\I40261_7624618981
c:\programdata\MPK\1\I40261_7659339468
c:\programdata\MPK\1\I40261_7694060764
c:\programdata\MPK\1\I40261_7728781597
c:\programdata\MPK\1\I40261_8010499768
c:\programdata\MPK\1\I40261_8045220602
c:\programdata\MPK\1\I40261_8079941551
c:\programdata\MPK\1\I40261_8265892361
c:\programdata\MPK\1\I40261_8300615972
c:\programdata\MPK\1\I40261_8335340625
c:\programdata\MPK\1\I40261_8370063657
c:\programdata\MPK\1\I40261_8404781713
c:\programdata\MPK\1\I40261_8439503241
c:\programdata\MPK\1\I40261_8474223843
c:\programdata\MPK\1\I40261_8508944213
c:\programdata\MPK\1\I40261_8543665162
c:\programdata\MPK\1\I40261_8578385764
c:\programdata\MPK\1\I40261_8613107176
c:\programdata\MPK\1\I40261_8647827778
c:\programdata\MPK\1\I40261_8682548843
c:\programdata\MPK\1\I40261_8717269329
c:\programdata\MPK\1\I40261_9368331944
c:\programdata\MPK\1\I40261_9522476389
c:\programdata\MPK\1\I40261_9557197222
c:\programdata\MPK\1\I40261_9591918056
c:\programdata\MPK\1\I40261_9626638889
c:\programdata\MPK\1\I40261_9730338889
c:\programdata\MPK\1\I40261_9765061227
c:\programdata\MPK\1\I40261_9799779051
c:\programdata\MPK\1\I40262_3394985301
c:\programdata\MPK\1\I40262_3429708218
c:\programdata\MPK\1\I40262_4501506134
c:\programdata\MPK\1\I40262_4536226736
c:\programdata\MPK\1\I40262_4570953125
c:\programdata\MPK\1\I40262_4605671412
c:\programdata\MPK\1\I40262_4640396644
c:\programdata\MPK\1\I40262_4675120370
c:\programdata\MPK\1\I40262_4709842130
c:\programdata\MPK\1\I40262_4744565162
c:\programdata\MPK\1\I40262_5704804398
c:\programdata\MPK\1\I40262_5739521296
c:\programdata\MPK\1\I40262_5774245370
c:\programdata\MPK\1\I40262_6126755440
c:\programdata\MPK\1\I40262_6161472801
c:\programdata\MPK\1\I40262_6196194213
c:\programdata\MPK\1\I40262_6230914815
c:\programdata\MPK\1\I40262_6265635880
c:\programdata\MPK\1\I40262_6300357292
c:\programdata\MPK\1\I40262_6481582986
c:\programdata\MPK\1\I40262_6516304398
c:\programdata\MPK\1\I40262_6551024768
c:\programdata\MPK\1\I40262_6585746296
c:\programdata\MPK\1\I40262_6620466667
c:\programdata\MPK\1\I40262_6655187731
c:\programdata\MPK\1\I40262_6689908681
c:\programdata\MPK\1\I40262_6724629051
c:\programdata\MPK\1\I40262_6759350347
c:\programdata\MPK\1\I40262_6971159954
c:\programdata\MPK\1\I40262_7005880903
c:\programdata\MPK\1\I40262_7040601505
c:\programdata\MPK\1\I40262_7075322801
c:\programdata\MPK\1\I40262_7110043403
c:\programdata\MPK\1\I40262_8982279282
c:\programdata\MPK\1\I40262_9016954051
c:\programdata\MPK\1\I40262_9051674074
c:\programdata\MPK\1\I40262_9086395486
c:\programdata\MPK\1\I40262_9121117014
c:\programdata\MPK\1\I40262_9155837384
c:\programdata\MPK\1\I40262_9190557870
c:\programdata\MPK\1\I40262_9225279051
c:\programdata\MPK\1\I40262_9259999537
c:\programdata\MPK\1\I40262_9294721181
c:\programdata\MPK\1\I40262_9329441551
c:\programdata\MPK\1\I40262_9364162616
c:\programdata\MPK\1\I40262_9468324884
c:\programdata\MPK\1\I40262_9503046181
c:\programdata\MPK\1\I40262_9572487616
c:\programdata\MPK\1\I40263_6065171875
c:\programdata\MPK\1\I40263_6099892477
c:\programdata\MPK\1\I40263_6134612616
c:\programdata\MPK\1\I40263_6169334028
c:\programdata\MPK\1\I40263_6204055324
c:\programdata\MPK\1\I40263_6238776157
c:\programdata\MPK\1\I40263_6273496412
c:\programdata\MPK\1\I40263_6308217361
c:\programdata\MPK\1\I40263_6342938657
c:\programdata\MPK\1\I40263_6377659607
c:\programdata\MPK\1\I40263_6412380093
c:\programdata\MPK\1\I40263_6447100694
c:\programdata\MPK\1\I40263_6481821875
c:\programdata\MPK\1\I40263_6516543287
c:\programdata\MPK\1\I40263_6551264236
c:\programdata\MPK\1\I40263_6849439931
c:\programdata\MPK\1\I40263_6884160185
c:\programdata\MPK\1\I40263_6918881829
c:\programdata\MPK\1\I40263_6953602083
c:\programdata\MPK\1\I40263_6988323380
c:\programdata\MPK\1\I40263_7023044444
c:\programdata\MPK\1\I40263_7057764815
c:\programdata\MPK\1\I40263_7092485880
c:\programdata\MPK\1\I40263_7127207755
c:\programdata\MPK\1\I40263_7161928241
c:\programdata\MPK\1\I40263_7380309491
c:\programdata\MPK\1\I40263_7415030787
c:\programdata\MPK\1\I40263_7449751042
c:\programdata\MPK\1\I40263_7484472685
c:\programdata\MPK\1\I40263_7519193287
c:\programdata\MPK\1\I40263_7553914699
c:\programdata\MPK\1\I40263_7588635301
c:\programdata\MPK\1\I40263_7623355671
c:\programdata\MPK\1\I40263_7658077199
c:\programdata\MPK\1\I40263_7692797917
c:\programdata\MPK\1\I40263_7747166088
c:\programdata\MPK\1\I40263_7782490972
c:\programdata\MPK\1\I40264_8096052662
c:\programdata\MPK\1\I40264_8130773032
c:\programdata\MPK\1\I40264_8165493634
c:\programdata\MPK\1\I40264_8200214815
c:\programdata\MPK\1\I40264_8234936227
c:\programdata\MPK\1\I40264_8269656713
c:\programdata\MPK\1\I40264_8304376852
c:\programdata\MPK\1\I40264_8339098264
c:\programdata\MPK\1\I40265_0575753588
c:\programdata\MPK\1\I40265_0611685648
c:\programdata\MPK\1\I40265_0646406366
c:\programdata\MPK\1\I40265_4452931134
c:\programdata\MPK\1\I40265_4487652546
c:\programdata\MPK\1\I40265_4522373032
c:\programdata\MPK\1\I40265_4557093519
c:\programdata\MPK\1\I40265_4591814699
c:\programdata\MPK\1\I40265_4626535069
c:\programdata\MPK\1\I40265_4661256481
c:\programdata\MPK\1\I40265_4695981366
c:\programdata\MPK\1\I40265_4730704630
c:\programdata\MPK\1\I40265_4765424537
c:\programdata\MPK\1\I40265_4800143519
c:\programdata\MPK\1\I40265_4834865278
c:\programdata\MPK\1\I40265_5433264699
c:\programdata\MPK\1\I40265_5467985069
c:\programdata\MPK\1\I40265_5502706366
c:\programdata\MPK\1\I40265_5537427431
c:\programdata\MPK\1\I40265_5572148380
c:\programdata\MPK\1\I40265_5606868634
c:\programdata\MPK\1\I40265_5641590162
c:\programdata\MPK\1\I40265_5676310417
c:\programdata\MPK\1\I40265_5711031944
c:\programdata\MPK\1\I40265_5745752083
c:\programdata\MPK\1\I40265_5780473032
c:\programdata\MPK\1\I40265_5815194907
c:\programdata\MPK\1\I40265_5849915625
c:\programdata\MPK\1\I40265_5884635995
c:\programdata\MPK\1\I40265_5919357060
c:\programdata\MPK\1\I40265_5954077431
c:\programdata\MPK\1\I40265_5988799074
c:\programdata\MPK\1\I40265_6023525579
c:\programdata\MPK\1\I40265_6058245023
c:\programdata\MPK\1\I40265_6092964352
c:\programdata\MPK\1\I40265_6127685532
c:\programdata\MPK\1\I40265_6162411458
c:\programdata\MPK\1\I40265_7487898727
c:\programdata\MPK\1\I40265_7522619097
c:\programdata\MPK\1\I40265_7557340972
c:\programdata\MPK\1\I40265_7592062153
c:\programdata\MPK\1\I40265_7626782060
c:\programdata\MPK\1\I40265_7692786227
c:\programdata\MPK\1\I40265_7728882639
c:\programdata\MPK\1\I40265_7763603588
c:\programdata\MPK\1\I40265_7798324074
c:\programdata\MPK\1\I40265_7833044907
c:\programdata\MPK\1\I40265_7867766319
c:\programdata\MPK\1\I40265_7902487269
c:\programdata\MPK\1\I40265_7937207755
c:\programdata\MPK\1\I40265_7971929051
c:\programdata\MPK\1\I40265_8006649537
c:\programdata\MPK\1\I40265_8041371065
c:\programdata\MPK\1\I40265_8076091319
c:\programdata\MPK\1\I40265_8110812500
c:\programdata\MPK\1\I40265_8145895255
c:\programdata\MPK\1\I40265_8181969444
c:\programdata\MPK\1\I40265_8216689931
c:\programdata\MPK\1\I40265_8251410995
c:\programdata\MPK\1\I40265_8286132523
c:\programdata\MPK\1\I40265_8320853009
c:\programdata\MPK\1\I40265_8358045949
c:\programdata\MPK\1\I40265_8393264352
c:\programdata\MPK\1\I40265_8427985764
c:\programdata\MPK\1\I40266_0625345949
c:\programdata\MPK\1\I40266_0683282870
c:\programdata\MPK\1\I40266_0719505903
c:\programdata\MPK\1\I40266_0754226852
c:\programdata\MPK\1\I40266_0788947454
c:\programdata\MPK\1\I40266_0823668750
c:\programdata\MPK\1\I40266_0858389120
c:\programdata\MPK\1\I40266_4959951042
c:\programdata\MPK\1\I40266_4994671528
c:\programdata\MPK\1\I40266_5029399306
c:\programdata\MPK\1\I40266_5064113310
c:\programdata\MPK\1\I40266_5098834144
c:\programdata\MPK\1\I40266_5133554861
c:\programdata\MPK\1\I40266_5168275810
c:\programdata\MPK\1\I40266_5202996643
c:\programdata\MPK\1\I40266_5237717593
c:\programdata\MPK\1\I40266_5272438773
c:\programdata\MPK\1\I40266_5343390972
c:\programdata\MPK\1\I40266_5378117014
c:\programdata\MPK\1\I40266_5412835764
c:\programdata\MPK\1\I40266_5447556481
c:\programdata\MPK\1\I40266_5643330787
c:\programdata\MPK\1\I40266_5678051852
c:\programdata\MPK\1\I40266_5712772222
c:\programdata\MPK\1\I40266_5747492708
c:\programdata\MPK\1\I40266_5782214468
c:\programdata\MPK\1\I40266_5816935301
c:\programdata\MPK\1\I40266_5851655787
c:\programdata\MPK\1\I40266_5886376157
c:\programdata\MPK\1\I40266_5921097685
c:\programdata\MPK\1\I40266_5955817824
c:\programdata\MPK\1\I40266_5990539699
c:\programdata\MPK\1\I40266_6025260532
c:\programdata\MPK\1\I40266_6059980903
c:\programdata\MPK\1\I40266_6094701505
c:\programdata\MPK\1\I40266_6129422801
c:\programdata\MPK\1\I40266_6164143056
c:\programdata\MPK\1\I40266_6198864815
c:\programdata\MPK\1\I40266_6233584954
c:\programdata\MPK\1\I40266_6268306250
c:\programdata\MPK\1\I40266_6303032986
c:\programdata\MPK\1\I40266_7139116204
c:\programdata\MPK\1\I40266_7173836690
c:\programdata\MPK\1\I40266_7208558333
c:\programdata\MPK\1\I40266_7243278704
c:\programdata\MPK\1\I40266_7277999884
c:\programdata\MPK\1\I40266_7312720486
c:\programdata\MPK\1\I40266_7347441898
c:\programdata\MPK\1\I40266_7382162037
c:\programdata\MPK\1\I40266_7416883333
c:\programdata\MPK\1\I40266_7451603819
c:\programdata\MPK\1\I40266_8658741782
c:\programdata\MPK\1\I40266_8693462268
c:\programdata\MPK\1\I40266_8728182755
c:\programdata\MPK\1\I40266_8762903935
c:\programdata\MPK\1\I40266_8797625347
c:\programdata\MPK\1\I40266_8832345255
c:\programdata\MPK\1\I40266_8867066088
c:\programdata\MPK\1\I40266_8901786921
c:\programdata\MPK\1\I40266_8936508565
c:\programdata\MPK\1\I40266_8971228935
c:\programdata\MPK\1\I40266_9005949537
c:\programdata\MPK\1\I40266_9040670949
c:\programdata\MPK\1\I40266_9075392014
c:\programdata\MPK\1\I40266_9110112269
c:\programdata\MPK\1\I40266_9144833449
c:\programdata\MPK\1\I40266_9179554051
c:\programdata\MPK\1\I40266_9214275347
c:\programdata\MPK\1\I40266_9248995718
c:\programdata\MPK\1\I40266_9283721528
c:\programdata\MPK\1\I40266_9318438079
c:\programdata\MPK\1\I40266_9353158912
c:\programdata\MPK\1\I40266_9387879398
c:\programdata\MPK\1\I40266_9422600463
c:\programdata\MPK\1\I40266_9457321065
c:\programdata\MPK\1\I40266_9492042477
c:\programdata\MPK\1\I40266_9526762731
c:\programdata\MPK\1\I40266_9561483912
c:\programdata\MPK\1\I40266_9596204977
c:\programdata\MPK\1\I40266_9630925231
c:\programdata\MPK\1\I40266_9665646644
c:\programdata\MPK\1\I40266_9700368056
c:\programdata\MPK\1\I40266_9735087963
c:\programdata\MPK\1\I40266_9769808796
c:\programdata\MPK\1\I40266_9804530671
c:\programdata\MPK\1\I40266_9839255787
c:\programdata\MPK\1\I40266_9873977199
c:\programdata\MPK\1\I40266_9908694213
c:\programdata\MPK\1\I40266_9943414583
c:\programdata\MPK\1\I40267_0047577546
c:\programdata\MPK\1\I40267_0082298148
c:\programdata\MPK\1\I40267_0117019444
c:\programdata\MPK\1\I40267_0151739699
c:\programdata\MPK\1\I40268_5220874884
c:\programdata\MPK\1\I40268_5255595139
c:\programdata\MPK\1\I40268_5290316898
c:\programdata\MPK\1\I40268_5325036921
c:\programdata\MPK\1\I40268_5526000694
c:\programdata\MPK\1\I40268_5560721759
c:\programdata\MPK\1\I40268_5595442940
c:\programdata\MPK\1\I40268_5630163773
c:\programdata\MPK\1\I40268_5664884491
c:\programdata\MPK\1\I40268_5699604977
c:\programdata\MPK\1\I40268_5734326273
c:\programdata\MPK\1\I40268_5769046875
c:\programdata\MPK\1\I40268_5803768056
c:\programdata\MPK\1\I40268_5838488426
c:\programdata\MPK\1\I40268_5873209722
c:\programdata\MPK\1\I40268_5907930208
c:\programdata\MPK\1\I40268_5942651852
c:\programdata\MPK\1\I40268_5977372338
c:\programdata\MPK\1\I40268_6028647569
c:\programdata\MPK\1\I40268_6065170949
c:\programdata\MPK\1\I40268_6900028588
c:\programdata\MPK\1\I40268_6934748958
c:\programdata\MPK\1\I40268_6969469792
c:\programdata\MPK\1\I40268_7004190741
c:\programdata\MPK\1\I40268_7038911806
c:\programdata\MPK\1\I40268_7073632870
c:\programdata\MPK\1\I40268_7108353356
c:\programdata\MPK\1\I40268_7143075116
c:\programdata\MPK\1\I40268_7177795370
c:\programdata\MPK\1\I40268_7212516088
c:\programdata\MPK\1\I40268_7247237269
c:\programdata\MPK\1\I40268_7281958681
c:\programdata\MPK\1\I40268_7316684722
c:\programdata\MPK\1\I40268_7351406018
c:\programdata\MPK\1\I40268_7386124769
c:\programdata\MPK\1\I40268_7420845949
c:\programdata\MPK\1\I40268_7490287731
c:\programdata\MPK\1\I40268_7642519792
c:\programdata\MPK\1\I40268_7677241319
c:\programdata\MPK\1\I40268_7711961690
c:\programdata\MPK\1\I40268_7746682176
c:\programdata\MPK\1\I40268_7781403356
c:\programdata\MPK\1\I40268_7816124074
c:\programdata\MPK\1\I40268_7850845370
c:\programdata\MPK\1\I40268_7885565509
c:\programdata\MPK\1\I40268_8178446991
c:\programdata\MPK\1\I40268_8213167245
c:\programdata\MPK\1\I40268_8247888889
c:\programdata\MPK\1\I40268_8282609606
c:\programdata\MPK\1\I40268_8317330556
c:\programdata\MPK\1\I40268_8352050810
c:\programdata\MPK\1\I40268_8386772685
c:\programdata\MPK\1\I40268_8421493056
c:\programdata\MPK\1\I40268_8478530324
c:\programdata\MPK\1\I40268_8516174421
c:\programdata\MPK\1\I40268_8550896065
c:\programdata\MPK\1\I40268_8585616435
c:\programdata\MPK\1\I40268_8620337037
c:\programdata\MPK\1\I40268_8655058218
c:\programdata\MPK\1\I40268_8689779282
c:\programdata\MPK\1\I40268_8724500694
c:\programdata\MPK\1\I40268_8759221181
c:\programdata\MPK\1\I40268_8793941435
c:\programdata\MPK\1\I40268_8828662847
c:\programdata\MPK\1\I40268_8863383218
c:\programdata\MPK\1\I40268_8898104630
c:\programdata\MPK\1\I40268_8932825000
c:\programdata\MPK\1\I40268_8967546412
c:\programdata\MPK\1\I40268_9002266782
c:\programdata\MPK\1\I40268_9036988194
c:\programdata\MPK\1\I40268_9071708681
c:\programdata\MPK\1\I40268_9106429861
c:\programdata\MPK\1\I40268_9357928125
c:\programdata\MPK\1\I40268_9392649190
c:\programdata\MPK\1\I40268_9427369560
c:\programdata\MPK\1\I40268_9462090162
c:\programdata\MPK\1\I40268_9496815741
c:\programdata\MPK\1\I40268_9531532986
c:\programdata\MPK\1\I40268_9566253356
c:\programdata\MPK\1\I40268_9600973727
c:\programdata\MPK\1\I40268_9635695023
c:\programdata\MPK\1\I40268_9670415509
c:\programdata\MPK\1\I40268_9705136343
c:\programdata\MPK\1\I40268_9739857407
c:\programdata\MPK\1\I40268_9774578704
c:\programdata\MPK\1\I40268_9849248495
c:\programdata\MPK\1\I40268_9885515046
c:\programdata\MPK\1\I40268_9920235880
c:\programdata\MPK\1\I40268_9954957292
c:\programdata\MPK\1\I40268_9989678588
c:\programdata\MPK\1\I40269_0024399190
c:\programdata\MPK\1\I40269_0059119444
c:\programdata\MPK\1\I40269_0093841204
c:\programdata\MPK\1\I40269_0128561343
c:\programdata\MPK\1\I40269_0163285301
c:\programdata\MPK\1\I40269_0198003125
c:\programdata\MPK\1\I40269_0232724653
c:\programdata\MPK\1\I40269_0336886690
c:\programdata\MPK\1\I40269_4703478356
c:\programdata\MPK\1\I40269_4738196528
c:\programdata\MPK\1\I40269_4772918056
c:\programdata\MPK\1\I40269_4807638542
c:\programdata\MPK\1\I40269_4842359144
c:\programdata\MPK\1\I40269_4877081134
c:\programdata\MPK\1\I40269_4911801505
c:\programdata\MPK\1\I40269_4946522106
c:\programdata\MPK\1\I40269_4981242824
c:\programdata\MPK\1\I40269_5015963657
c:\programdata\MPK\1\I40269_5050685417
c:\programdata\MPK\1\I40269_5085406366
c:\programdata\MPK\1\I40269_5120126736
c:\programdata\MPK\1\I40269_5343855787
c:\programdata\MPK\1\I40269_5378577662
c:\programdata\MPK\1\I40269_5413298032
c:\programdata\MPK\1\I40269_5448018750
c:\programdata\MPK\1\I40269_6791731366
c:\programdata\MPK\1\I40269_6826448611
c:\programdata\MPK\1\I40269_6861170139
c:\programdata\MPK\1\I40269_6895890625
c:\programdata\MPK\1\I40269_6930611806
c:\programdata\MPK\1\I40269_6965332292
c:\programdata\MPK\1\I40269_7000053819
c:\programdata\MPK\1\I40269_7034774190
c:\programdata\MPK\1\I40269_7069495486
c:\programdata\MPK\1\I40269_7104215741
c:\programdata\MPK\1\I40269_7138937153
c:\programdata\MPK\1\I40269_7209661227
c:\programdata\MPK\1\I40269_8048736574
c:\programdata\MPK\1\I40269_8083456829
c:\programdata\MPK\1\I40269_8118178241
c:\programdata\MPK\1\I40269_8152899190
c:\programdata\MPK\1\I40269_8187619560
c:\programdata\MPK\1\I40269_8222340625
c:\programdata\MPK\1\I40269_8257061111
c:\programdata\MPK\1\I40269_8291782407
c:\programdata\MPK\1\I40269_8326502778
c:\programdata\MPK\1\I40269_8361224074
c:\programdata\MPK\1\I40269_8395944792
c:\programdata\MPK\1\I40270_0604922569
c:\programdata\MPK\1\I40270_0639642940
c:\programdata\MPK\1\I40270_0674364120
c:\programdata\MPK\1\I40270_0709084606
c:\programdata\MPK\1\I40270_0743806019
c:\programdata\MPK\1\I40270_0778526389
c:\programdata\MPK\1\I40270_0813247685
c:\programdata\MPK\1\I40270_0847969097
c:\programdata\MPK\1\I40270_4412461690
c:\programdata\MPK\1\I40270_4447182176
c:\programdata\MPK\1\I40270_4481927199
c:\programdata\MPK\1\I40270_4516632870
c:\programdata\MPK\1\I40270_4551344792
c:\programdata\MPK\1\I40270_4586065856
c:\programdata\MPK\1\I40270_4671951736
c:\programdata\MPK\1\I40270_4708256018
c:\programdata\MPK\1\I40270_4742977199
c:\programdata\MPK\1\I40270_4777697801
c:\programdata\MPK\1\I40270_4812418518
c:\programdata\MPK\1\I40270_4847139352
c:\programdata\MPK\1\I40270_4881860880
c:\programdata\MPK\1\I40270_4916581134
c:\programdata\MPK\1\I40270_4951302431
c:\programdata\MPK\1\I40270_4986023843
c:\programdata\MPK\1\I40270_5020744329
c:\programdata\MPK\1\I40270_5055464583
c:\programdata\MPK\1\I40270_5090189815
c:\programdata\MPK\1\I40270_5659586343
c:\programdata\MPK\1\I40270_5694307176
c:\programdata\MPK\1\I40270_5729027662
c:\programdata\MPK\1\I40270_5763749074
c:\programdata\MPK\1\I40270_5798469560
c:\programdata\MPK\1\I40270_5833195949
c:\programdata\MPK\1\I40270_5867918634
c:\programdata\MPK\1\I40270_6243801505
c:\programdata\MPK\1\I40270_6278524537
c:\programdata\MPK\1\I40270_6313251389
c:\programdata\MPK\1\I40270_7087896296
c:\programdata\MPK\1\I40270_7122617130
c:\programdata\MPK\1\I40270_7157338426
c:\programdata\MPK\1\I40270_7192058565
c:\programdata\MPK\1\I40270_7226779977
c:\programdata\MPK\1\I40270_7261500926
c:\programdata\MPK\1\I40270_7296221991
c:\programdata\MPK\1\I40270_7330942593
c:\programdata\MPK\1\I40270_7365663542
c:\programdata\MPK\1\I40270_7400383796
c:\programdata\MPK\1\I40270_7435109838
c:\programdata\MPK\1\I40270_7469828588
c:\programdata\MPK\1\I40270_7504549768
c:\programdata\MPK\1\I40270_7539270602
c:\programdata\MPK\1\I40270_7573996065
c:\programdata\MPK\1\I40270_7608712731
c:\programdata\MPK\1\I40270_7643432870
c:\programdata\MPK\1\I40270_7678154167
c:\programdata\MPK\1\I40270_7712915393
c:\programdata\MPK\1\I40270_8155093171
c:\programdata\MPK\1\I40270_8189813657
c:\programdata\MPK\1\I40270_8224534606
c:\programdata\MPK\1\I40270_8259255324
c:\programdata\MPK\1\I40270_8470868171
c:\programdata\MPK\1\I40270_8505588310
c:\programdata\MPK\1\I40270_8540409259
c:\programdata\MPK\1\I40270_8575030093
c:\programdata\MPK\1\I40270_8609751389
c:\programdata\MPK\1\I40270_8644471991
c:\programdata\MPK\1\I40270_8679193403
c:\programdata\MPK\1\I40270_8713914815
c:\programdata\MPK\1\I40270_8748636111
c:\programdata\MPK\1\I40270_8783357176
c:\programdata\MPK\1\I40270_8818078241
c:\programdata\MPK\1\I40270_8852800116
c:\programdata\MPK\1\I40270_8887520486
c:\programdata\MPK\1\I40270_8922240856
c:\programdata\MPK\1\I40270_8956962268
c:\programdata\MPK\1\I40270_8991683565
c:\programdata\MPK\1\I40270_9026403588
c:\programdata\MPK\1\I40270_9061130556
c:\programdata\MPK\1\I40270_9095849653
c:\programdata\MPK\1\I40270_9130576505
c:\programdata\MPK\1\I40270_9452305208
c:\programdata\MPK\1\I40270_9487022685
c:\programdata\MPK\1\I40270_9521743634
c:\programdata\MPK\1\I40270_9556464468
c:\programdata\MPK\1\I40270_9591185301
c:\programdata\MPK\1\I40270_9830200810
c:\programdata\MPK\1\I40270_9864920949
c:\programdata\MPK\1\I40270_9899642130
c:\programdata\MPK\1\I40271_0003805208
c:\programdata\MPK\1\I40271_0038525232
c:\programdata\MPK\1\I40271_0142687963
c:\programdata\MPK\1\I40271_0177409375
c:\programdata\MPK\1\I40272_4255077778
c:\programdata\MPK\1\I40272_4289799306
c:\programdata\MPK\1\I40272_4344987500
c:\programdata\MPK\1\I40272_4379709028
c:\programdata\MPK\1\I40272_6693626968
c:\programdata\MPK\1\I40272_6728348032
c:\programdata\MPK\1\I40272_6763069097
c:\programdata\MPK\1\I40272_6797790162
c:\programdata\MPK\1\I40272_6832510185
c:\programdata\MPK\1\I40272_6867392708
c:\programdata\MPK\1\I40272_6901951852
c:\programdata\MPK\1\I40272_6936673958
c:\programdata\MPK\1\I40272_6971393866
c:\programdata\MPK\1\I40272_7006115046
c:\programdata\MPK\1\I40272_7040835648
c:\programdata\MPK\1\I40272_7075556482
c:\programdata\MPK\1\I40272_7110277431
c:\programdata\MPK\1\I40272_7144998032
c:\programdata\MPK\1\I40272_7179718866
c:\programdata\MPK\1\I40272_7214440278
c:\programdata\MPK\1\I40272_7249160880
c:\programdata\MPK\1\I40272_7754506250
c:\programdata\MPK\1\I40272_7789227662
c:\programdata\MPK\1\I40272_7823948032
c:\programdata\MPK\1\I40273_6068875463
c:\programdata\MPK\1\I40273_6103595833
c:\programdata\MPK\1\I40273_6138317014
c:\programdata\MPK\1\I40273_6173037616
c:\programdata\MPK\1\I40273_6207759144
c:\programdata\MPK\1\I40273_6242479861
c:\programdata\MPK\1\I40273_6277200116
c:\programdata\MPK\1\I40273_6311921759
c:\programdata\MPK\1\I40273_6346642014
c:\programdata\MPK\1\I40273_6381363194
c:\programdata\MPK\1\I40273_6416083681
c:\programdata\MPK\1\I40273_6450805208
c:\programdata\MPK\1\I40273_6485525347
c:\programdata\MPK\1\I40273_6520246875
c:\programdata\MPK\1\I40273_6554972801
c:\programdata\MPK\1\I40273_6589688542
c:\programdata\MPK\1\I40273_6624409028
c:\programdata\MPK\1\I40273_6659130093
c:\programdata\MPK\1\I40273_6693851736
c:\programdata\MPK\1\I40273_6728572222
c:\programdata\MPK\1\I40273_6763292477
c:\programdata\MPK\1\I40273_6798020949
c:\programdata\MPK\1\I40273_6832734144
c:\programdata\MPK\1\I40273_6867455903
c:\programdata\MPK\1\I40273_6902175926
c:\programdata\MPK\1\I40273_6936897106
c:\programdata\MPK\1\I40273_6971618634
c:\programdata\MPK\1\I40273_7006339236
c:\programdata\MPK\1\I40273_7041059375
c:\programdata\MPK\1\I40273_7075781250
c:\programdata\MPK\1\I40273_7110502315
c:\programdata\MPK\1\I40273_7145222685
c:\programdata\MPK\1\I40273_7179943171
c:\programdata\MPK\1\I40273_7214664352
c:\programdata\MPK\1\I40273_8443398495
c:\programdata\MPK\1\I40273_8486342014
c:\programdata\MPK\1\I40273_8521063426
c:\programdata\MPK\1\I40273_8555783912
c:\programdata\MPK\1\I40273_8701210880
c:\programdata\MPK\1\I40273_8735936458
c:\programdata\MPK\1\I40273_8925812153
c:\programdata\MPK\1\I40273_8960534722
c:\programdata\MPK\1\I40273_8995259259
c:\programdata\MPK\1\I40273_9204900926
c:\programdata\MPK\1\I40273_9239621644
c:\programdata\MPK\1\I40273_9470787847
c:\programdata\MPK\1\I40273_9622605093
c:\programdata\MPK\1\I40273_9657355787
c:\programdata\MPK\1\I40273_9692047569
c:\programdata\MPK\1\I40273_9726768056
c:\programdata\MPK\1\I40274_5604077546
c:\programdata\MPK\1\I40274_5638798032
c:\programdata\MPK\1\I40274_5673519329
c:\programdata\MPK\1\I40274_5708239815
c:\programdata\MPK\1\I40274_5742961111
c:\programdata\MPK\1\I40274_5777682407
c:\programdata\MPK\1\I40274_5812402893
c:\programdata\MPK\1\I40274_5847123264
c:\programdata\MPK\1\I40274_5881845023
c:\programdata\MPK\1\I40274_5916565393
c:\programdata\MPK\1\I40274_5951285764
c:\programdata\MPK\1\I40274_5986048380
c:\programdata\MPK\1\I40274_6020728009
c:\programdata\MPK\1\I40274_6055449190
c:\programdata\MPK\1\I40274_6090169792
c:\programdata\MPK\1\I40274_6124890394
c:\programdata\MPK\1\I40274_6159612037
c:\programdata\MPK\1\I40274_6194332407
c:\programdata\MPK\1\I40274_6229053819
c:\programdata\MPK\1\I40274_6263775463
c:\programdata\MPK\1\I40274_6298495718
c:\programdata\MPK\1\I40274_6738991551
c:\programdata\MPK\1\I40274_6773713079
c:\programdata\MPK\1\I40274_6808433333
c:\programdata\MPK\1\I40274_6843154167
c:\programdata\MPK\1\I40274_6877875463
c:\programdata\MPK\1\I40275_4637642824
c:\programdata\MPK\1\I40275_4703421528
c:\programdata\MPK\1\I40275_4738142477
c:\programdata\MPK\1\I40275_4772862963
c:\programdata\MPK\1\I40275_4807584375
c:\programdata\MPK\1\I40275_4842304861
c:\programdata\MPK\1\I40275_4877026389
c:\programdata\MPK\1\I40275_4911746991
c:\programdata\MPK\1\I40275_4946467361
c:\programdata\MPK\1\I40275_5009726042
c:\programdata\MPK\1\I40275_5389457407
c:\programdata\MPK\1\I40275_5424178935
c:\programdata\MPK\1\I40275_5458899190
c:\programdata\MPK\1\I40275_5493620602
c:\programdata\MPK\1\I40275_5528347106
c:\programdata\MPK\1\I40275_5563062384
c:\programdata\MPK\1\I40275_5597783681
c:\programdata\MPK\1\I40275_5632509838
c:\programdata\MPK\1\I40275_5730962384
c:\programdata\MPK\1\I40275_5767152199
c:\programdata\MPK\1\I40275_5801872685
c:\programdata\MPK\1\I40275_5906035417
c:\programdata\MPK\1\I40275_5940756134
c:\programdata\MPK\1\I40275_5975477662
c:\programdata\MPK\1\I40275_6010198032
c:\programdata\MPK\1\I40275_6044926620
c:\programdata\MPK\1\I40275_6079640509
c:\programdata\MPK\1\I40275_6114360995
c:\programdata\MPK\1\I40275_6149081597
c:\programdata\MPK\1\I40275_6183803009
c:\programdata\MPK\1\I40275_7199359954
c:\programdata\MPK\1\I40275_7234080440
c:\programdata\MPK\1\I40275_7268801505
c:\programdata\MPK\1\I40275_7303522569
c:\programdata\MPK\1\I40275_7338242940
c:\programdata\MPK\1\I40275_7372964352
c:\programdata\MPK\1\I40275_7407684954
c:\programdata\MPK\1\I40275_7442406481
c:\programdata\MPK\1\I40275_7477126505
c:\programdata\MPK\1\I40275_7511848032
c:\programdata\MPK\1\I40275_7546568519
c:\programdata\MPK\1\I40275_7581289583
c:\programdata\MPK\1\I40275_7616009954
c:\programdata\MPK\1\I40275_7650731366
c:\programdata\MPK\1\I40275_7685451736
c:\programdata\MPK\1\I40275_7720173032
c:\programdata\MPK\1\I40275_7754894097
c:\programdata\MPK\1\I40275_7789614583
c:\programdata\MPK\1\I40275_9537695255
c:\programdata\MPK\1\I40275_9736860532
c:\programdata\MPK\1\I40275_9774365162
c:\programdata\MPK\1\I40275_9810753704
c:\programdata\MPK\1\I40276_0331609144
c:\programdata\MPK\1\I40276_0366328009
c:\programdata\MPK\1\I40276_7224496181
c:\programdata\MPK\1\I40276_7259224190
c:\programdata\MPK\1\I40276_7293938079
c:\programdata\MPK\1\I40276_7328659259
c:\programdata\MPK\1\I40276_7363379282
c:\programdata\MPK\1\I40276_7928575926
c:\programdata\MPK\1\I40276_8212778241
c:\programdata\MPK\1\I40276_8247502546
c:\programdata\MPK\1\I40276_8518061458
c:\programdata\MPK\1\I40276_8552781944
c:\programdata\MPK\1\I40276_8587503125
c:\programdata\MPK\1\I40276_8622224190
c:\programdata\MPK\1\I40276_8656944444
c:\programdata\MPK\1\I40276_8691665509
c:\programdata\MPK\1\I40276_8726390625
c:\programdata\MPK\1\I40276_8761108565
c:\programdata\MPK\1\I40276_8795829398
c:\programdata\MPK\1\I40276_8830551042
c:\programdata\MPK\1\I40276_8865290509
c:\programdata\MPK\1\I40276_8899993634
c:\programdata\MPK\1\I40276_8934717940
c:\programdata\MPK\1\I40276_8969435185
c:\programdata\MPK\1\I40276_9004155671
c:\programdata\MPK\1\I40276_9038877315
c:\programdata\MPK\1\I40276_9073597454
c:\programdata\MPK\1\I40276_9108318750
c:\programdata\MPK\1\I40276_9143039352
c:\programdata\MPK\1\I40276_9177760995
c:\programdata\MPK\1\I40276_9212481250
c:\programdata\MPK\1\I40276_9247202778
c:\programdata\MPK\1\I40276_9281924190
c:\programdata\MPK\1\I40276_9316644560
c:\programdata\MPK\1\I40276_9351365046
c:\programdata\MPK\1\I40276_9386085764
c:\programdata\MPK\1\I40276_9420806597
c:\programdata\MPK\1\I40276_9455528356
c:\programdata\MPK\1\I40276_9490248727
c:\programdata\MPK\1\I40276_9524970255
c:\programdata\MPK\1\I40276_9559690856
c:\programdata\MPK\1\I40276_9594412037
c:\programdata\MPK\1\I40276_9629140394
c:\programdata\MPK\1\I40276_9698852546
c:\programdata\MPK\1\I40276_9733574190
c:\programdata\MPK\1\I40276_9768294560
c:\programdata\MPK\1\I40276_9803015509
c:\programdata\MPK\1\I40276_9837736227
c:\programdata\MPK\1\I40276_9872458102
c:\programdata\MPK\1\I40276_9907178009
c:\programdata\MPK\1\I40276_9941898843
c:\programdata\MPK\1\I40276_9976620949
c:\programdata\MPK\1\I40277_0011341782
c:\programdata\MPK\1\I40277_0046062500
c:\programdata\MPK\1\I40277_0080784028
c:\programdata\MPK\1\I40277_0115504398
c:\programdata\MPK\1\I40277_5803451736
c:\programdata\MPK\1\I40277_5838172569
c:\programdata\MPK\1\I40277_5872893634
c:\programdata\MPK\1\I40277_5907614815
c:\programdata\MPK\1\I40277_5942335185
c:\programdata\MPK\1\I40277_5977056829
c:\programdata\MPK\1\I40277_6011777431
c:\programdata\MPK\1\I40277_6046511806
c:\programdata\MPK\1\I40277_6081219329
c:\programdata\MPK\1\I40277_6392450347
c:\programdata\MPK\1\I40277_6427173032
c:\programdata\MPK\1\I40277_6461892014
c:\programdata\MPK\1\I40277_6496613657
c:\programdata\MPK\1\I40277_7401407523
c:\programdata\MPK\1\I40277_7436128472
c:\programdata\MPK\1\I40277_7470849421
c:\programdata\MPK\1\I40277_7505570370
c:\programdata\MPK\1\I40277_7540291551
c:\programdata\MPK\1\I40277_7575012153
c:\programdata\MPK\1\I40277_7609733565
c:\programdata\MPK\1\I40277_9000110185
c:\programdata\MPK\1\I40277_9034827778
c:\programdata\MPK\1\I40277_9069552431
c:\programdata\MPK\1\I40277_9104269560
c:\programdata\MPK\1\I40277_9138990278
c:\programdata\MPK\1\I40277_9173711343
c:\programdata\MPK\1\I40277_9209666088
c:\programdata\MPK\1\I40277_9244989699
c:\programdata\MPK\1\I40277_9279710764
c:\programdata\MPK\1\I40277_9314432407
c:\programdata\MPK\1\I40277_9349153009
c:\programdata\MPK\1\I40277_9383873264
c:\programdata\MPK\1\I40277_9560215278
c:\programdata\MPK\1\I40277_9594941435
c:\programdata\MPK\1\I40277_9629663657
c:\programdata\MPK\1\I40277_9803488889
c:\programdata\MPK\1\I40277_9838210532
c:\programdata\MPK\1\I40277_9872930787
c:\programdata\MPK\1\I40277_9907651968
c:\programdata\MPK\1\I40277_9942372917
c:\programdata\MPK\1\I40277_9977094560
c:\programdata\MPK\1\I40278_0011814815
c:\programdata\MPK\1\I40278_0046535532
c:\programdata\MPK\1\I40278_0081256597
c:\programdata\MPK\1\I40278_0115977431
c:\programdata\MPK\1\I40278_0413685532
c:\programdata\MPK\1\I40278_0448406829
c:\programdata\MPK\1\I40278_0483128357
c:\programdata\MPK\1\I40278_0552569444
c:\programdata\MPK\1\I40278_0587290278
c:\programdata\MPK\1\I40278_0622011343
c:\programdata\MPK\1\I40278_5324020833
c:\programdata\MPK\1\I40278_5358741088
c:\programdata\MPK\1\I40278_5393463310
c:\programdata\MPK\1\I40278_5428182639
c:\programdata\MPK\1\I40278_6503326505
c:\programdata\MPK\1\I40278_6538047107
c:\programdata\MPK\1\I40278_6572767940
c:\programdata\MPK\1\I40278_6607489699
c:\programdata\MPK\1\I40278_6642210069
c:\programdata\MPK\1\I40278_6676930671
c:\programdata\MPK\1\I40278_6711655903
c:\programdata\MPK\1\I40278_6746373264
c:\programdata\MPK\1\I40278_6781093634
c:\programdata\MPK\1\I40278_6815814236
c:\programdata\MPK\1\I40278_7321978241
c:\programdata\MPK\1\I40278_7356698148
c:\programdata\MPK\1\I40278_7391419097
c:\programdata\MPK\1\I40278_7426140046
c:\programdata\MPK\1\I40278_7460861343
c:\programdata\MPK\1\I40278_7495581713
c:\programdata\MPK\1\I40278_7530303356
c:\programdata\MPK\1\I40278_7565023611
c:\programdata\MPK\1\I40278_7599744907
c:\programdata\MPK\1\I40278_7634465278
c:\programdata\MPK\1\I40278_7669186806
c:\programdata\MPK\1\I40278_7703907060
c:\programdata\MPK\1\I40278_7863852083
c:\programdata\MPK\1\I40279_0264726505
c:\programdata\MPK\1\I40279_0299447801
c:\programdata\MPK\1\I40279_0334168056
c:\programdata\MPK\1\I40279_6011968981
c:\programdata\MPK\1\I40279_6046658333
c:\programdata\MPK\1\I40279_6081378588
c:\programdata\MPK\1\I40279_6116100116
c:\programdata\MPK\1\I40279_6150820718
c:\programdata\MPK\1\I40279_6185541782
c:\programdata\MPK\1\I40279_6220262384
c:\programdata\MPK\1\I40279_6254983912
c:\programdata\MPK\1\I40279_6289704051
c:\programdata\MPK\1\I40279_6324425347
c:\programdata\MPK\1\I40279_6359145833
c:\programdata\MPK\1\I40279_6393867130
c:\programdata\MPK\1\I40279_6428587500
c:\programdata\MPK\1\I40279_6463309375
c:\programdata\MPK\1\I40279_6498029167
c:\programdata\MPK\1\I40279_6532751042
c:\programdata\MPK\1\I40279_6585069907
c:\programdata\MPK\1\I40279_6619791204
c:\programdata\MPK\1\I40279_6654511574
c:\programdata\MPK\1\I40279_6689232986
c:\programdata\MPK\1\I40279_6723953588
c:\programdata\MPK\1\I40279_6758674653
c:\programdata\MPK\1\I40279_6793400116
c:\programdata\MPK\1\I40279_6828116898
c:\programdata\MPK\1\I40279_6862924537
c:\programdata\MPK\1\I40279_6897558565
c:\programdata\MPK\1\I40279_6932279977
c:\programdata\MPK\1\I40279_6967000347
c:\programdata\MPK\1\I40279_7001720833
c:\programdata\MPK\1\I40279_7036442361
c:\programdata\MPK\1\I40279_7071162847
c:\programdata\MPK\1\I40279_7105888889
c:\programdata\MPK\1\I40279_7475301389
c:\programdata\MPK\1\I40279_7510022454
c:\programdata\MPK\1\I40279_7544743056
c:\programdata\MPK\1\I40279_7579464583
c:\programdata\MPK\1\I40279_7614184722
c:\programdata\MPK\1\I40279_7871479745
c:\programdata\MPK\1\I40279_7906200926
c:\programdata\MPK\1\I40279_7940921412
c:\programdata\MPK\1\I40279_7975643056
c:\programdata\MPK\1\I40279_8010363426
c:\programdata\MPK\1\I40279_8045084606
c:\programdata\MPK\1\I40279_8079805671
c:\programdata\MPK\1\I40279_8114526389
c:\programdata\MPK\1\I40279_8149246759
c:\programdata\MPK\1\I40279_8183968171
c:\programdata\MPK\1\I40279_8218688426
c:\programdata\MPK\1\I40279_8253414236
c:\programdata\MPK\1\I40279_8288132523
c:\programdata\MPK\1\I40279_8322853009
c:\programdata\MPK\1\I40279_8357574421
c:\programdata\MPK\1\I40279_8392295833
c:\programdata\MPK\1\I40279_8427016435
c:\programdata\MPK\1\I40279_8468700579
c:\programdata\MPK\1\I40279_8503421412
c:\programdata\MPK\1\I40279_8538143171
c:\programdata\MPK\1\I40279_8572863657
c:\programdata\MPK\1\I40279_8607584838
c:\programdata\MPK\1\I40279_8642304977
c:\programdata\MPK\1\I40279_8677026505
c:\programdata\MPK\1\I40279_8711747917
c:\programdata\MPK\1\I40279_8746468519
c:\programdata\MPK\1\I40279_8781188542
c:\programdata\MPK\1\I40279_8815909954
c:\programdata\MPK\1\I40279_8850631481
c:\programdata\MPK\1\I40279_8885352083
c:\programdata\MPK\1\I40279_8920072569
c:\programdata\MPK\1\I40279_8954794213
c:\programdata\MPK\1\I40279_8989515741
c:\programdata\MPK\1\I40279_9024236690
c:\programdata\MPK\1\I40279_9058957176
c:\programdata\MPK\1\I40279_9093678241
c:\programdata\MPK\1\I40279_9128399537
c:\programdata\MPK\1\I40279_9163120255
c:\programdata\MPK\1\I40279_9197840741
c:\programdata\MPK\1\I40279_9232561343
c:\programdata\MPK\1\I40279_9267282870
c:\programdata\MPK\1\I40279_9339551273
c:\programdata\MPK\1\I40279_9374273843
c:\programdata\MPK\1\I40279_9408996296
c:\programdata\MPK\1\I40279_9443718403
c:\programdata\MPK\1\I40279_9507171296
c:\programdata\MPK\1\I40279_9541892130
c:\programdata\MPK\1\I40279_9646054282
c:\programdata\MPK\1\I40279_9680774768
c:\programdata\MPK\1\I40279_9715495833
c:\programdata\MPK\1\I40279_9750216319
c:\programdata\MPK\1\I40280_6431921296
c:\programdata\MPK\1\I40280_6466641898
c:\programdata\MPK\1\I40280_6501362500
c:\programdata\MPK\1\I40280_7277121759
c:\programdata\MPK\1\I40280_7311842361
c:\programdata\MPK\1\I40280_7346563773
c:\programdata\MPK\1\I40280_7381283912
c:\programdata\MPK\1\I40280_8374457523
c:\programdata\MPK\1\I40280_8409030093
c:\programdata\MPK\1\I40280_8443750579
c:\programdata\MPK\1\I40280_8478472569
c:\programdata\MPK\1\I40280_8513192824
c:\programdata\MPK\1\I40280_8547913194
c:\programdata\MPK\1\I40280_8582634607
c:\programdata\MPK\1\I40280_8617355556
c:\programdata\MPK\1\I40280_8652075926
c:\programdata\MPK\1\I40280_8686797106
c:\programdata\MPK\1\I40280_8721518750
c:\programdata\MPK\1\I40280_8756239352
c:\programdata\MPK\1\I40280_8790959722
c:\programdata\MPK\1\I40280_8825680671
c:\programdata\MPK\1\I40280_8860401273
c:\programdata\MPK\1\I40280_8895122569
c:\programdata\MPK\1\I40280_8929842940
c:\programdata\MPK\1\I40280_8964564005
c:\programdata\MPK\1\I40280_8999285185
c:\programdata\MPK\1\I40280_9034005671
c:\programdata\MPK\1\I40280_9068726852
c:\programdata\MPK\1\I40280_9103447338
c:\programdata\MPK\1\I40280_9138168982
c:\programdata\MPK\1\I40280_9172889236
c:\programdata\MPK\1\I40280_9207609954
c:\programdata\MPK\1\I40280_9242330903
c:\programdata\MPK\1\I40280_9401978009
c:\programdata\MPK\1\I40280_9436699537
c:\programdata\MPK\1\I40281_7462041667
c:\programdata\MPK\1\I40281_7496765509
c:\programdata\MPK\1\I40281_7531488194
c:\programdata\MPK\1\I40281_7566210764
c:\programdata\MPK\1\I40281_7600928704
c:\programdata\MPK\1\I40281_7635649190
c:\programdata\MPK\1\I40281_7670370370
c:\programdata\MPK\1\I40281_7705091898
c:\programdata\MPK\1\I40281_7739812384
c:\programdata\MPK\1\I40281_7774532870
c:\programdata\MPK\1\I40281_7809253935
c:\programdata\MPK\1\I40281_7843975463
c:\programdata\MPK\1\I40281_7878695833

jejapalli · 24.04.2010, 22:26

Teil 2:
c:\programdata\MPK\1\I40281_8153043519
c:\programdata\MPK\1\I40281_8187763657
c:\programdata\MPK\1\I40281_8222484491
c:\programdata\MPK\1\I40281_8257205903
c:\programdata\MPK\1\I40281_8291926505
c:\programdata\MPK\1\I40281_8326647801
c:\programdata\MPK\1\I40281_8361368056
c:\programdata\MPK\1\I40281_8396089468
c:\windows\fEWmbOLO.dll
c:\windows\ffufUJqGS.exe
c:\windows\ffWFdYbH.dll
c:\windows\FFwjaGke.exe
c:\windows\fLWqXKsJ.exe
c:\windows\FNVpuS.exe
c:\windows\FSWCbWTii.exe
c:\windows\Ftxiw.exe
c:\windows\fWRawF.dll
c:\windows\gAcdiu.dll
c:\windows\gngvQKK.dll
c:\windows\gUtTR.exe
c:\windows\GwTmnKCVm.dll
c:\windows\hAUdusU.exe
c:\windows\hcdkGmT.dll
c:\windows\HIVpDv.exe
c:\windows\hOWvICnud.dll
c:\windows\hPybpsOBC.dll
c:\windows\hqcNL.exe
c:\windows\hTcLKHvIy.dll
c:\windows\IaKorqw.exe
c:\windows\iIyAjnMl.exe
c:\windows\ipCWijjoj.exe
c:\windows\iqGYBKlG.dll
c:\windows\IyWAsuE.exe
c:\windows\JAVOQVoMa.exe
c:\windows\JDRlxJLD.dll
c:\windows\JfrBTbVj.exe
c:\windows\jiGqajADr.dll
c:\windows\joaARbFL.exe
c:\windows\jpJQuOb.exe
c:\windows\JpQECjOvh.dll
c:\windows\jRHvs.exe
c:\windows\jvitLAF.exe
c:\windows\kjqRaChl.dll
c:\windows\KlcWnjB.exe
c:\windows\lbqCJuH.exe
c:\windows\lLwsl.exe
c:\windows\LpFXpQgfs.exe
c:\windows\lSqtBik.dll
c:\windows\lwtKuvC.exe
c:\windows\lxxJvatMf.dll
c:\windows\LyUES.dll
c:\windows\McIAc.exe
c:\windows\mDinaePX.dll
c:\windows\Meyhx.dll
c:\windows\mfRMxKrcj.dll
c:\windows\mICxoHgO.exe
c:\windows\miiOBp.dll
c:\windows\Mpxrbv.dll
c:\windows\mXSKLc.exe
c:\windows\NBbGvYTxk.dll
c:\windows\nEjdOg.dll
c:\windows\njXEmo.dll
c:\windows\NkAJJm.dll
c:\windows\nmHGS.dll
c:\windows\NPArarLm.dll
c:\windows\ntpdpsyJO.dll
c:\windows\nUGfGAxoU.dll
c:\windows\NuJsF.exe
c:\windows\nWnFMUqA.exe
c:\windows\OAPXNQeJI.exe
c:\windows\obPBchN.dll
c:\windows\ocFXoP.exe
c:\windows\odGjNaTG.dll
c:\windows\ohwlD.dll
c:\windows\OqketlEn.exe
c:\windows\oqNPK.exe
c:\windows\OVSdcANC.dll
c:\windows\oVUqx.exe
c:\windows\OXySbCNtH.exe
c:\windows\pdloKLRud.exe
c:\windows\pLPsIVl.dll
c:\windows\poBPlYN.exe
c:\windows\pPeXuYq.dll
c:\windows\pSgeLk.exe
c:\windows\psyGfeed.dll
c:\windows\pXlIYx.exe
c:\windows\PxNvTCi.dll
c:\windows\PyXChET.dll
c:\windows\qfqtUynfp.exe
c:\windows\qmgnL.exe
c:\windows\QnGUVEnb.exe
c:\windows\QPpuUs.dll
c:\windows\QPSYWtcME.exe
c:\windows\QQbEqRI.exe
c:\windows\qVENSF.dll
c:\windows\qyJuOHrA.exe
c:\windows\QYYelShNR.dll
c:\windows\RAJihCO.dll
c:\windows\rBmQDEJ.exe
c:\windows\rEQCWsj.exe
c:\windows\RJBkUW.exe
c:\windows\RkRKUx.dll
c:\windows\RQxMphFfw.dll
c:\windows\RrCdmqEI.exe
c:\windows\RRKXjMKm.dll
c:\windows\RTYAHKmR.exe
c:\windows\rWfbBPPI.exe
c:\windows\rwUAdw.exe
c:\windows\RxTTiNiUh.exe
c:\windows\SAxMh.exe
c:\windows\SlmScUbqR.dll
c:\windows\SnBJuh.exe
c:\windows\snJXqQ.dll
c:\windows\SqnaFwiUT.dll
c:\windows\sRGvOs.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\abNrHA.dll
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AhhHw.dll
c:\windows\system32\aHWQoD.exe
c:\windows\system32\alWNRXATP.exe
c:\windows\system32\aNpHA.exe
c:\windows\system32\aPCeKisll.exe
c:\windows\system32\AWEpPp.exe
c:\windows\system32\BBmMrLWbX.exe
c:\windows\system32\bGIQGX.dll
c:\windows\system32\BOdmM.dll
c:\windows\system32\BrhhdO.exe
c:\windows\system32\Buovh.exe
c:\windows\system32\bUqkKAicy.exe
c:\windows\system32\CgjIj.dll
c:\windows\system32\cHvgWJ.dll
c:\windows\system32\ckojlHBSI.dll
c:\windows\system32\CmPRWIgy.dll
c:\windows\system32\cNthLRRX.dll
c:\windows\system32\CntjECHGM.dll
c:\windows\system32\CQSwIUg.dll
c:\windows\system32\CtBLNn.dll
c:\windows\system32\cunkk.dll
c:\windows\system32\cXQMyfqUV.exe
c:\windows\system32\CYUyejA.exe
c:\windows\system32\DbkiaKt.exe
c:\windows\system32\DCUXOYmfj.exe
c:\windows\system32\dfpFPvQhN.dll
c:\windows\system32\dgLiFD.exe
c:\windows\system32\dkEoFpvpj.dll
c:\windows\system32\dnNqY.exe
c:\windows\system32\dqGKesUno.exe
c:\windows\system32\DRCbAP.exe
c:\windows\system32\drivers\aAqLPi.dll
c:\windows\system32\drivers\AbuptIwW.exe
c:\windows\system32\drivers\aCwTDyq.exe
c:\windows\system32\drivers\aDITLpr.dll
c:\windows\system32\drivers\AGIHKFLpk.exe
c:\windows\system32\drivers\AlOtYjphR.exe
c:\windows\system32\drivers\apqPPtxM.dll
c:\windows\system32\drivers\aqVaBBa.dll
c:\windows\system32\drivers\AuSAAE.dll
c:\windows\system32\drivers\AUsqYxbfO.exe
c:\windows\system32\drivers\ayJyyHS.dll
c:\windows\system32\drivers\bAJlHjWw.dll
c:\windows\system32\drivers\bHhystMB.dll
c:\windows\system32\drivers\BkjsO.dll
c:\windows\system32\drivers\BLJSoSw.exe
c:\windows\system32\drivers\bLTtVBVS.dll
c:\windows\system32\drivers\bNnycG.dll
c:\windows\system32\drivers\BNsxLl.exe
c:\windows\system32\drivers\bOYiMvung.dll
c:\windows\system32\drivers\bqrdMmpSF.dll
c:\windows\system32\drivers\bRLakme.exe
c:\windows\system32\drivers\BuNOtGaLN.exe
c:\windows\system32\drivers\BVrPxjj.dll
c:\windows\system32\drivers\BWnyOF.dll
c:\windows\system32\drivers\bYdUPN.dll
c:\windows\system32\drivers\CdQxgKuRa.exe
c:\windows\system32\drivers\cfFeoj.dll
c:\windows\system32\drivers\cftHUugo.dll
c:\windows\system32\drivers\CIVXxgQ.dll
c:\windows\system32\drivers\cpmEqxs.exe
c:\windows\system32\drivers\cpvADMBn.exe
c:\windows\system32\drivers\CUEdif.exe
c:\windows\system32\drivers\CuEklaRGw.dll
c:\windows\system32\drivers\cUFtnq.dll
c:\windows\system32\drivers\deMAVw.dll
c:\windows\system32\drivers\dkKDb.exe
c:\windows\system32\drivers\DnIoP.exe
c:\windows\system32\drivers\dSJcSm.dll
c:\windows\system32\drivers\DTNGo.dll
c:\windows\system32\drivers\DtXPQL.exe
c:\windows\system32\drivers\DXobQ.dll
c:\windows\system32\drivers\DxPSG.dll
c:\windows\system32\drivers\EbblWwCX.exe
c:\windows\system32\drivers\EBNqaMq.dll
c:\windows\system32\drivers\ecsKMO.dll
c:\windows\system32\drivers\eFsMS.exe
c:\windows\system32\drivers\EFxSINqA.exe
c:\windows\system32\drivers\ejWijYfef.exe
c:\windows\system32\drivers\elqSvd.exe
c:\windows\system32\drivers\elYLMGL.dll
c:\windows\system32\drivers\eooyQB.dll
c:\windows\system32\drivers\eQdEERolU.dll
c:\windows\system32\drivers\EXoUAsJ.exe
c:\windows\system32\drivers\EyvvCOsYG.dll
c:\windows\system32\drivers\falJvBgm.dll
c:\windows\system32\drivers\fARwt.dll
c:\windows\system32\drivers\FeLfEl.dll
c:\windows\system32\drivers\FeOsq.dll
c:\windows\system32\drivers\fHqaGPRnI.exe
c:\windows\system32\drivers\fYpGoco.exe
c:\windows\system32\drivers\gaINDi.exe
c:\windows\system32\drivers\glQbByXB.dll
c:\windows\system32\drivers\gPAaeU.dll
c:\windows\system32\drivers\gqqnmwG.dll
c:\windows\system32\drivers\gVVeu.dll
c:\windows\System32\drivers\gxvxcumviswxjxoiqpcmlwyhpqnkxoycielcb.sys
c:\windows\system32\drivers\HGdTo.exe
c:\windows\system32\drivers\HjPCuPNX.dll
c:\windows\system32\drivers\HmjthDT.dll
c:\windows\system32\drivers\HnPaUYTHw.dll
c:\windows\system32\drivers\hoUfdsot.exe
c:\windows\system32\drivers\hpDxa.exe
c:\windows\system32\drivers\HqXvUPs.exe
c:\windows\system32\drivers\HWYXNaPJK.exe
c:\windows\system32\drivers\iDradp.dll
c:\windows\system32\drivers\ihMADRjfI.dll
c:\windows\system32\drivers\IMdnM.dll
c:\windows\system32\drivers\iRiJLVwf.dll
c:\windows\system32\drivers\iwoaDLRXV.exe
c:\windows\system32\drivers\IyXWY.dll
c:\windows\system32\drivers\jBtfLhgDn.exe
c:\windows\system32\drivers\JkPwSXXeH.exe
c:\windows\system32\drivers\jLlnxKh.dll
c:\windows\system32\drivers\jRmMlnNn.exe
c:\windows\system32\drivers\JsTGNPeQU.exe
c:\windows\system32\drivers\JUjpMbsG.dll
c:\windows\system32\drivers\JwljUvIqa.exe
c:\windows\system32\drivers\JwmMdUVTi.exe
c:\windows\system32\drivers\jxxUbxq.exe
c:\windows\system32\drivers\KAjDVjYeg.dll
c:\windows\system32\drivers\kERaruP.exe
c:\windows\system32\drivers\KfQuqlL.exe
c:\windows\system32\drivers\knEYvJgov.dll
c:\windows\system32\drivers\kNmubsH.exe
c:\windows\system32\drivers\ksqCUSV.exe
c:\windows\system32\drivers\ktICGedT.dll
c:\windows\system32\drivers\KvvYK.dll
c:\windows\system32\drivers\kXCLImeTa.exe
c:\windows\system32\drivers\LeAqEvnA.dll
c:\windows\system32\drivers\lgXVMbg.dll
c:\windows\system32\drivers\lJTyQ.exe
c:\windows\system32\drivers\LkIkMVFu.dll
c:\windows\system32\drivers\lNnfUEYD.dll
c:\windows\system32\drivers\lOyPjQ.exe
c:\windows\system32\drivers\lVujYaqxA.dll
c:\windows\system32\drivers\lwajQ.dll
c:\windows\system32\drivers\MwbKHNOKh.exe
c:\windows\system32\drivers\myfILct.dll
c:\windows\system32\drivers\nCUTWL.dll
c:\windows\system32\drivers\NFcDP.exe
c:\windows\system32\drivers\nHtALNg.dll
c:\windows\system32\drivers\NJDxySsG.dll
c:\windows\system32\drivers\NNMCb.exe
c:\windows\system32\drivers\nogKipFc.dll
c:\windows\system32\drivers\nqgxVyUi.exe
c:\windows\system32\drivers\nSCOPejph.dll
c:\windows\system32\drivers\ntLsIowx.dll
c:\windows\system32\drivers\ntxhHHS.dll
c:\windows\system32\drivers\oHsGcnrFW.dll
c:\windows\system32\drivers\OoDiFCHJ.dll
c:\windows\system32\drivers\ORAgyhF.dll
c:\windows\system32\drivers\oXeTdPXRf.dll
c:\windows\system32\drivers\PdJkETK.exe
c:\windows\system32\drivers\peLyu.exe
c:\windows\system32\drivers\pfcgklsH.dll
c:\windows\system32\drivers\PGWkIcSg.dll
c:\windows\system32\drivers\pJFbDJuRg.dll
c:\windows\system32\drivers\PjVkY.exe
c:\windows\system32\drivers\pkIfcGpPq.exe
c:\windows\system32\drivers\PKPhFD.exe
c:\windows\system32\drivers\PocafQ.dll
c:\windows\system32\drivers\psVfK.dll
c:\windows\system32\drivers\QaaQa.exe
c:\windows\system32\drivers\qEbcDMK.exe
c:\windows\system32\drivers\qeocAoE.exe
c:\windows\system32\drivers\QKrGYAp.exe
c:\windows\system32\drivers\qPrYSCAK.dll
c:\windows\system32\drivers\qsHvuX.dll
c:\windows\system32\drivers\QuhSI.exe
c:\windows\system32\drivers\QVcRJ.dll
c:\windows\system32\drivers\RGdYUy.dll
c:\windows\system32\drivers\rhSvqcw.dll
c:\windows\system32\drivers\RluSLkSeB.exe
c:\windows\system32\drivers\RNhlgn.exe
c:\windows\system32\drivers\RqRnh.exe
c:\windows\system32\drivers\rsqGXMSg.exe
c:\windows\system32\drivers\SnXaToaG.exe
c:\windows\system32\drivers\sqqPSx.exe
c:\windows\system32\drivers\sUshMm.dll
c:\windows\system32\drivers\SVcnK.exe
c:\windows\system32\drivers\tAmTtnc.exe
c:\windows\system32\drivers\tEgeee.exe
c:\windows\system32\drivers\TfccEm.dll
c:\windows\system32\drivers\tGMBP.dll
c:\windows\system32\drivers\THWMvuDPB.exe
c:\windows\system32\drivers\tjsGXD.exe
c:\windows\system32\drivers\toFhetUHo.dll
c:\windows\system32\drivers\TOHrPQO.exe
c:\windows\system32\drivers\tSddixOj.exe
c:\windows\system32\drivers\TskRVsQhN.dll
c:\windows\system32\drivers\tSLRJviD.dll
c:\windows\system32\drivers\tsMvyLR.exe
c:\windows\system32\drivers\TSTBfAbc.exe
c:\windows\system32\drivers\TvYgCMM.dll
c:\windows\system32\drivers\tWyGiPL.dll
c:\windows\system32\drivers\uaxUsIPR.exe
c:\windows\system32\drivers\uayGkl.dll
c:\windows\system32\drivers\ucUWoKIo.exe
c:\windows\system32\drivers\UHiqEkv.dll
c:\windows\system32\drivers\uhQWkDpEY.exe
c:\windows\system32\drivers\UIDqJea.dll
c:\windows\system32\drivers\ulGts.dll
c:\windows\system32\drivers\UVbqk.exe
c:\windows\system32\drivers\UVUtcYCs.exe
c:\windows\system32\drivers\uvvas.exe
c:\windows\system32\drivers\uYucv.exe
c:\windows\system32\drivers\vcIVpS.exe
c:\windows\system32\drivers\vmvTHtx.exe
c:\windows\system32\drivers\vpGCClkB.dll
c:\windows\system32\drivers\VqhlVwyT.exe
c:\windows\system32\drivers\VQOTuqQE.exe
c:\windows\system32\drivers\vSlGqgh.dll
c:\windows\system32\drivers\vURVn.exe
c:\windows\system32\drivers\vVmhgk.dll
c:\windows\system32\drivers\vWOmJF.exe
c:\windows\system32\drivers\WaJpEHq.dll
c:\windows\system32\drivers\weXDc.dll
c:\windows\system32\drivers\wICBKBlo.dll
c:\windows\system32\drivers\WlhCChbC.exe
c:\windows\system32\drivers\WlHFagLc.exe
c:\windows\system32\drivers\WMEsbNCtO.dll
c:\windows\system32\drivers\WPANUpF.dll
c:\windows\system32\drivers\WQgXmbC.exe
c:\windows\system32\drivers\WrWgPXTT.exe
c:\windows\system32\drivers\WUkFga.exe
c:\windows\system32\drivers\xCYlPwqpx.exe
c:\windows\system32\drivers\XhYueoBW.dll
c:\windows\system32\drivers\xiXgtmcwU.exe
c:\windows\system32\drivers\xJogtflHF.dll
c:\windows\system32\drivers\xknMmbt.dll
c:\windows\system32\drivers\Xpeal.exe
c:\windows\system32\drivers\XQtoTlB.exe
c:\windows\system32\drivers\xXxnqA.exe
c:\windows\system32\drivers\YAxVsvNlS.dll
c:\windows\system32\drivers\yejdKDa.exe
c:\windows\system32\drivers\yNvFDYE.dll
c:\windows\system32\drivers\YPiYqVSv.dll
c:\windows\system32\drivers\YprHCVfGC.exe
c:\windows\system32\drivers\YQbbrwx.dll
c:\windows\system32\drivers\YSUgbWUSD.dll
c:\windows\system32\drivers\yvcFDcJ.exe
c:\windows\system32\drivers\YVQnV.dll
c:\windows\system32\drivers\YwuhioCR.dll
c:\windows\system32\drivers\YYgRs.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\dWBuxF.exe
c:\windows\system32\dwpaixk.dll
c:\windows\system32\edNBu.exe
c:\windows\system32\EDYkSilX.dll
c:\windows\system32\eejoIsp.exe
c:\windows\system32\ehWkftLjI.exe
c:\windows\system32\EJjRo.exe
c:\windows\system32\ElMtQcGW.dll
c:\windows\system32\eyavQ.dll
c:\windows\system32\FBrUsIouH.exe
c:\windows\system32\fjcKUewn.exe
c:\windows\system32\flIYlYPtW.dll
c:\windows\system32\Flwor.dll
c:\windows\system32\FOTkgSON.exe
c:\windows\system32\fwQqdBK.dll
c:\windows\system32\fYRdTHX.exe
c:\windows\system32\GAnOey.exe
c:\windows\system32\gbvPKKaJW.exe
c:\windows\system32\gFfbWve.dll
c:\windows\system32\ghDhBTtd.dll
c:\windows\system32\gHpgC.exe
c:\windows\system32\GpKYH.dll
c:\windows\system32\GPtvu.exe
c:\windows\system32\gqMdqMOt.exe
c:\windows\system32\GRctRMuXr.dll
c:\windows\system32\GsWSF.dll
c:\windows\system32\gXCoKmn.dll
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxciicctbrvoisqbqnltfredsepqwtdhmpm.dll
c:\windows\System32\gxvxctnfrfxetxiavnsvoqnipmsyupeehrkup.dll
c:\windows\system32\GYGHf.exe
c:\windows\system32\HclrIKaGR.dll
c:\windows\system32\HkXPS.dll
c:\windows\system32\Hlhnyr.exe
c:\windows\system32\hPKyoMUPw.exe
c:\windows\system32\hrirfrh.exe
c:\windows\system32\HTyAaEEW.dll
c:\windows\system32\HvljOQAuD.dll
c:\windows\system32\iBbatL.exe
c:\windows\system32\ICsIqDcdt.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\iFbJMT.exe
c:\windows\system32\IGhTDt.dll
c:\windows\system32\IhHNOdy.exe
c:\windows\system32\iIKscV.exe
c:\windows\system32\ikaYRGBuq.dll
c:\windows\system32\INOsTttp.dll
c:\windows\system32\isPSsos.exe
c:\windows\system32\IXKOOWX.exe
c:\windows\system32\iYhecNi.exe
c:\windows\system32\JbSLQDoCp.exe
c:\windows\system32\JCFyYKhs.dll
c:\windows\system32\jdFSG.dll
c:\windows\system32\JEkrPy.exe
c:\windows\system32\JFRCTJ.dll
c:\windows\system32\JkALgNGI.dll
c:\windows\system32\JlbyxCU.exe
c:\windows\system32\JOjYVDp.exe
c:\windows\system32\jqQuTaYbc.dll
c:\windows\system32\JUgMpp.exe
c:\windows\system32\jurBO.dll
c:\windows\system32\kAtQnJ.exe
c:\windows\system32\Kcing.exe
c:\windows\system32\KkmXoqw.exe
c:\windows\system32\kobMLcgGa.dll
c:\windows\system32\koOEtyVeX.dll
c:\windows\system32\KOxLo.exe
c:\windows\system32\kwnwuAmw.dll
c:\windows\system32\lbhOfoT.dll
c:\windows\system32\LmtByGhC.dll
c:\windows\system32\LMwFom.dll
c:\windows\system32\LpbkQRuEP.exe
c:\windows\system32\lSOjQ.dll
c:\windows\system32\mdBkrlt.dll
c:\windows\system32\MDqLuahF.dll
c:\windows\system32\mFGQFEQCm.exe
c:\windows\system32\moXjGFHOV.dll
c:\windows\system32\MqJkhRc.exe
c:\windows\system32\MtknIqDpf.dll
c:\windows\system32\MYKMMCe.exe
c:\windows\system32\MYrRd.exe
c:\windows\system32\nCfnmx.exe
c:\windows\system32\NCRMjLpr.exe
c:\windows\system32\nGCuDBWW.dll
c:\windows\system32\NhkITTiwp.dll
c:\windows\system32\NighN.exe
c:\windows\system32\nmNjI.exe
c:\windows\system32\NokfLjR.dll
c:\windows\system32\nScWVWv.dll
c:\windows\system32\NtRrQxW.exe
c:\windows\system32\NwcdiJ.dll
c:\windows\system32\nwygnvAw.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\OeHobgTx.exe
c:\windows\system32\OExWqnKEF.exe
c:\windows\system32\oFiVOUNif.exe
c:\windows\system32\Ohwut.exe
c:\windows\system32\ojmhVtd.dll
c:\windows\system32\OJvvKK.dll
c:\windows\system32\oMbbxXHT.exe
c:\windows\system32\OnAeny.exe
c:\windows\system32\OOEclUEQ.dll
c:\windows\system32\OpEXVj.dll
c:\windows\system32\oRdBGvekG.dll
c:\windows\system32\orodQaSt.dll
c:\windows\system32\oTbVBBiTi.dll
c:\windows\system32\pcIqKFG.exe
c:\windows\system32\PDUGMps.exe
c:\windows\system32\PfpUFp.dll
c:\windows\system32\PHJVNrI.exe
c:\windows\system32\PKDCHAVOg.dll
c:\windows\system32\PMuLwBkJ.exe
c:\windows\system32\PNFcOFVD.dll
c:\windows\system32\Process.exe
c:\windows\system32\PUOaK.dll
c:\windows\system32\pVCiwK.exe
c:\windows\system32\PYvUoisI.dll
c:\windows\system32\qdkQXj.dll
c:\windows\system32\QEcuYSyL.dll
c:\windows\system32\qekMr.exe
c:\windows\system32\qLAuWK.exe
c:\windows\system32\QNkEfBp.dll
c:\windows\system32\QPOvepwdf.dll
c:\windows\system32\qquwLvQ.dll
c:\windows\system32\qTMpu.dll
c:\windows\system32\QTYIAUAV.dll
c:\windows\system32\qVAytItFC.exe
c:\windows\system32\QWttx.dll
c:\windows\system32\QYoHi.dll
c:\windows\system32\rcslQs.exe
c:\windows\system32\rDuPnD.exe
c:\windows\system32\RETdX.dll
c:\windows\system32\RMhsv.dll
c:\windows\system32\RPBVPM.exe
c:\windows\system32\RqiALOPO.dll
c:\windows\system32\rrJurp.dll
c:\windows\system32\rYRMIPIK.exe
c:\windows\system32\RYxRADTk.exe
c:\windows\system32\SKhCkj.dll
c:\windows\system32\skJPvUl.exe
c:\windows\system32\spxnLhgFG.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\SRYLONJWg.exe
c:\windows\system32\StCkIqFL.exe
c:\windows\system32\tBCYY.dll
c:\windows\system32\tcbRFE.exe
c:\windows\system32\TgxXrvvXx.dll
c:\windows\system32\tIygPGl.exe
c:\windows\system32\TLOoX.exe
c:\windows\system32\tmp.reg
c:\windows\system32\TrLxgnFe.dll
c:\windows\system32\TSjJQocvT.exe
c:\windows\system32\TVhDgSSY.dll
c:\windows\system32\tWthstQYq.exe
c:\windows\system32\UKHqB.exe
c:\windows\system32\umgYBu.dll
c:\windows\system32\UrVrwY.exe
c:\windows\system32\UYChJQK.dll
c:\windows\system32\VACFix.exe
c:\windows\system32\vaWhgISqL.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\VDpaRVE.exe
c:\windows\system32\VIhKSsUJc.exe
c:\windows\system32\vJCYkGWN.dll
c:\windows\system32\VqoPFJBN.dll
c:\windows\system32\VtyWSM.exe
c:\windows\system32\WAXeXRcq.dll
c:\windows\system32\wBBDoYBJ.exe
c:\windows\system32\wdTaIWSaR.exe
c:\windows\system32\WFsyyk.exe
c:\windows\system32\wGrsmJNwR.dll
c:\windows\system32\WPIHDF.dll
c:\windows\system32\WpiNxCC.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\wTTOxtE.exe
c:\windows\system32\wWEoRqtj.exe
c:\windows\system32\WYfROuCsC.dll
c:\windows\system32\xJTByGS.exe
c:\windows\system32\XlLci.dll
c:\windows\system32\xNmnxIO.dll
c:\windows\system32\XOVHji.exe
c:\windows\system32\XSyKf.dll
c:\windows\system32\XwVrV.exe
c:\windows\system32\xYipo.exe
c:\windows\system32\YCaUFr.dll
c:\windows\system32\YDVYVUHH.dll
c:\windows\system32\YFDoTkqCd.dll
c:\windows\system32\YFvbTJl.exe
c:\windows\system32\YNTnSbxn.dll
c:\windows\system32\YpBjgtC.dll
c:\windows\system32\YWnokGT.exe
c:\windows\system32\YWVWXS.dll
c:\windows\system32\zip32.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\tDkeaw.exe
c:\windows\TfOsOHfk.exe
c:\windows\TIuJI.exe
c:\windows\tlAfw.exe
c:\windows\tlqbh.dll
c:\windows\tMslgsIJj.exe
c:\windows\tQDhAGtO.dll
c:\windows\tqKbAm.exe
c:\windows\tSyJJKnHR.dll
c:\windows\ttTki.dll
c:\windows\tYbcyW.dll
c:\windows\UcgwlCemW.exe
c:\windows\uELeoW.dll
c:\windows\UGYLi.exe
c:\windows\uIryAcsd.dll
c:\windows\UleoiirJA.dll
c:\windows\UmhfEdl.dll
c:\windows\uSbpGo.exe
c:\windows\uwiwW.exe
c:\windows\vBbSjQfD.exe
c:\windows\VeHUHnS.dll
c:\windows\veXQl.exe
c:\windows\VfXNJcb.dll
c:\windows\vGrXOXep.dll
c:\windows\vjSAjCL.dll
c:\windows\VLRcOsLy.exe
c:\windows\VnKYe.dll
c:\windows\VNsRIH.dll
c:\windows\vQiEKAF.exe
c:\windows\Vqnhnk.dll
c:\windows\vrlwUL.exe
c:\windows\vwplb.dll
c:\windows\vXxmFV.dll
c:\windows\wbaPWx.exe
c:\windows\WFjIBLBo.exe
c:\windows\wgLVDMP.exe
c:\windows\WJrsmQ.exe
c:\windows\wRlSqV.dll
c:\windows\WsvDjcvst.dll
c:\windows\WuxuV.dll
c:\windows\WvDoxr.dll
c:\windows\WxEMD.dll
c:\windows\XAhNEn.dll
c:\windows\xbDqod.exe
c:\windows\XcnxFD.exe
c:\windows\XcXeUv.exe
c:\windows\xDabEurxs.dll
c:\windows\Xenewkg.exe
c:\windows\xEwEYSNM.dll
c:\windows\xhrnIkbGC.exe
c:\windows\xjacUukqT.dll
c:\windows\XJJTrbWD.dll
c:\windows\xkcDp.dll
c:\windows\xLbxgjOCE.dll
c:\windows\XlChfn.dll
c:\windows\xrhxJQYL.dll
c:\windows\XtOBqBrr.dll
c:\windows\xWMQxOI.exe
c:\windows\XYiYwf.exe
c:\windows\yFahVDjmJ.exe
c:\windows\yfunt.exe
c:\windows\ygJpGxEfX.exe
c:\windows\yJIefiDEW.dll
c:\windows\YlTJRPXCN.dll
c:\windows\YOcYYByI.dll
c:\windows\yqcAISVT.exe
c:\windows\Yqift.exe
c:\windows\YQiHGSB.dll
c:\windows\YssBsGg.dll
c:\windows\YtWFvUq.dll
c:\windows\yWEjs.exe
c:\windows\yyqayFaY.exe
D:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys
-------\Legacy_gxvxcserv.sys

((((((((((((((((((((((( Dateien erstellt von 2010-03-24 bis 2010-04-24 ))))))))))))))))))))))))))))))
.

2010-04-24 16:53 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 16:53 . 2010-04-24 16:53 -------- d-----w- c:\programdata\Malwarebytes
2010-04-24 16:53 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 21:13 . 2010-04-23 21:13 -------- d-----w- C:\_OTL
2010-04-22 20:01 . 2010-04-24 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 12:55 . 2010-04-21 12:55 -------- d-----w- c:\program files\Trend Micro
2010-04-20 15:14 . 2010-04-20 15:14 -------- d-----w- c:\windows\Sun
2010-04-18 13:54 . 2010-04-18 13:54 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-04-18 13:52 . 2010-04-18 13:52 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-04-18 13:52 . 2010-04-18 13:52 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-04-18 13:52 . 2010-04-18 13:52 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-04-18 13:52 . 2010-04-18 13:52 -------- d-----w- c:\program files\Sony Ericsson
2010-04-15 14:09 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 14:09 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 14:09 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 14:09 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 14:09 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 14:09 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 14:09 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 14:09 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 14:09 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 12:54 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 12:54 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-08 18:59 . 2010-04-08 18:59 -------- d-----w- c:\program files\RdDrv001
2010-03-31 14:41 . 2010-03-31 14:41 -------- d-----w- c:\program files\DeskTask
2010-03-28 17:26 . 2010-04-02 10:13 -------- d-----w- c:\users\Marius\AppData\Roaming\skypePM
2010-03-28 17:24 . 2010-04-02 11:30 -------- d-----w- c:\users\Marius\AppData\Roaming\Skype
2010-03-28 17:24 . 2010-03-28 17:24 -------- d-----w- c:\program files\Common Files\Skype
2010-03-28 17:24 . 2010-04-20 16:28 -------- d-----r- c:\program files\Skype
2010-03-28 17:23 . 2010-03-28 17:24 -------- d-----w- c:\programdata\Skype

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 20:15 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-04-24 20:15 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat
2010-04-24 20:02 . 2009-02-28 12:29 1 ----a-w- c:\users\Marius\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-24 19:26 . 2009-09-23 19:57 -------- d-----w- c:\users\Marius\AppData\Roaming\vlc
2010-04-22 13:51 . 2009-09-23 19:57 -------- d-----w- c:\users\Marius\AppData\Roaming\dvdcss
2010-04-21 13:13 . 2009-09-13 13:49 -------- d-----w- c:\programdata\HDBR31
2010-04-20 16:29 . 2009-03-07 12:24 -------- d-----w- c:\program files\UltraStar
2010-04-20 16:28 . 2009-03-06 13:31 -------- d-----w- c:\program files\KaraFun
2010-04-18 13:58 . 2010-04-18 13:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-04-18 13:58 . 2010-04-18 13:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-04-17 11:28 . 2009-02-20 21:02 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-16 22:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 13:18 . 2008-10-10 13:25 -------- d-----w- c:\programdata\Microsoft Help
2010-04-05 19:23 . 2009-03-18 16:33 -------- d-----w- c:\program files\PokerStars.NET
2010-03-28 17:26 . 2010-03-28 17:26 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-03-09 16:28 . 2010-03-31 10:37 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-31 10:37 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-31 10:37 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-05 19:20 . 2010-03-05 19:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-05 19:20 . 2009-02-16 14:38 -------- d-----w- c:\users\Marius\AppData\Roaming\Apple Computer
2010-03-03 13:50 . 2009-03-27 14:29 -------- d-----w- c:\users\Marius\AppData\Roaming\ICQ
2010-03-02 16:26 . 2009-03-19 13:11 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-01 20:16 . 2010-03-01 20:16 -------- d-----w- c:\program files\Microsoft
2010-03-01 20:16 . 2010-03-01 20:15 -------- d-----w- c:\program files\Windows Live
2010-03-01 20:15 . 2010-03-01 20:15 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-01 20:12 . 2010-03-01 20:12 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-28 19:23 . 2010-02-28 19:23 -------- d-----w- c:\programdata\Avira
2010-02-26 13:54 . 2009-02-09 19:24 75320 ----a-w- c:\users\Marius\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 13:46 . 2008-10-10 13:27 -------- d-----w- c:\program files\Microsoft Works
2010-02-24 21:48 . 2008-10-10 13:20 -------- d-----w- c:\programdata\Nero
2010-02-24 21:48 . 2008-10-10 13:20 -------- d-----w- c:\program files\Common Files\Nero
2010-02-24 18:21 . 2010-02-24 18:21 -------- d-----w- c:\programdata\STOPzilla!
2010-02-20 23:39 . 2010-03-11 14:28 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-11 14:28 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-11 14:28 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 12:41 . 2010-02-18 12:41 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-12 10:48 . 2010-03-12 15:38 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:48 . 2010-02-25 23:52 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-25 23:52 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-25 23:52 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-25 23:52 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-25 23:52 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-25 23:52 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-25 23:52 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-25 23:52 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-25 23:52 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-09-19 22:15 . 2010-03-01 19:37 68359 ----a-w- c:\program files\3.exe
2001-02-08 13:52 . 2001-02-08 13:52 24576 --sha-w- c:\windows\System32\comsysh.exe
2006-05-03 09:06 . 2009-10-31 14:52 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-10-31 14:52 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-10-31 14:52 216064 --sh--r- c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_winadm]
2008-06-03 18:00 1134592 ---ha-w- c:\windows\System32\winadm.exe

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-04-18 13224]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-06-26 337920]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-04-18 27632]

.
Inhalt des "geplante Tasks" Ordners

2009-10-18 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-10-17 15:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.partyfans.com/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\7c6qlmo8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.partyfans.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NPCTray - c:\program files\Norman\npc\bin\npc_tray.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe
MSConfigStartUp-Canaveral - c:\windows\system32\sshnas21.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-24 22:54
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\undpjwpxfoefrxi]
"imagepath"="\??\c:\windows\TEMP\B8F2.tmp"
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\system32\conime.exe
c:\program files\FSC OSD Utility\OSDUtility.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-24 23:00:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-24 21:00

Vor Suchlauf: 20 Verzeichnis(se), 30.572.519.424 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 30.208.741.376 Bytes frei

- - End Of File - - E6A3D0F9686A095E1C56F37B86146BF8

cosinus · 25.04.2010, 13:43

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

http://www.trojaner-board.de/85202-google-und-iexplorer-oeffnen-werbeseiten-avir-meldet-viren-hijack-funktioniert-nicht.html

Collect::
c:\program files\3.exe
c:\windows\System32\comsysh.exe

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\undpjwpxfoefrxi]

File::
c:\windows\TEMP\B8F2.tmp

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

jejapalli · 25.04.2010, 14:40

Jetzt kann ich allerdings CFScript.txt nicht auf cofi.exe ziehen, weil dann eben wieder diese Fehlermeldung ("Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde." ) kommt. Ich kann all meine Programme nur als Admin ausführen, und diese Option ist bei Rechtsklick auf CFScript.txt nicht vorhanden.

Auch wenn ich das Administratoren-Konto auf cmd.exe aktiviere, kommt diese Meldung bei jeder Programmöffnung.

Aber zur Abwechslung mal was Positives:
Internet Explorer öffnet sich nicht mehr ungewollt und Google leitet nicht mehr auf Werbeseiten um, und Avira meldet nur noch sehr selten einen Virus.

cosinus · 25.04.2010, 14:52

Zitat:

und diese Option ist bei Rechtsklick auf CFScript.txt nicht vorhanden.

Eine Textdatei kann man auch schlecht ausführen

Dann mach es mitm Avenger:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:

3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:

Code:

ATTFilter

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\undpjwpxfoefrxi

Files to delete:
c:\windows\TEMP\B8F2.tmp
c:\program files\3.exe
c:\windows\System32\comsysh.exe

4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken

jejapalli · 25.04.2010, 16:31

Hier der Log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\undpjwpxfoefrxi" deleted successfully.

Error: file "c:\windows\TEMP\B8F2.tmp" not found!
Deletion of file "c:\windows\TEMP\B8F2.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\program files\3.exe" deleted successfully.
File "c:\windows\System32\comsysh.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

...und hier der Link:
File-Upload.net - backup.zip

Gruß,
Marius

24.04.2010, 15:24	#7
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Google und IExplorer öffnen Werbeseiten, AVir meldet Viren, HiJack funktioniert nicht Kannst Du jetzt Malwarebytes starten? Falls das wieder nicht klappt => http://www.trojaner-board.de/82699-m...tet-nicht.html Denk dann an die Signaturen (Malwarebytes aktualisieren) und an den Vollscan. __________________ Logfiles bitte immer in CODE-Tags posten

Google und IExplorer öffnen Werbeseiten, AVir meldet Viren, HiJack funktioniert nicht

Antiviren-, Firewall- und andere Schutzprogramme: Google und IExplorer öffnen Werbeseiten, AVir meldet Viren, HiJack funktioniert nicht