Trojaner-Board

Google redirects to other pages ("intermediate URL" webplains) (https://www.trojaner-board.de/105437-google-leitet-andere-seiten-zwischen-url-webplains.html)

Karin49ers 25.11.2011 22:20

Google redirects to other pages ("intermediate URL" webplains)
 
After clicking the links provided by Google or by other search engines, the URL webplains appears briefly. After that, I am automatically redirected to various advertising pages. About 14 days ago I had the "BKA Trojan" and thought I had successfully removed it with Malwarebytes, but maybe not after all ...
The error message I get from defogger, plus the Extras log file and the OTL log, are attached as a zip.

Thank you very much in advance
Karin 49ers

cosinus 26.11.2011 14:09

Quote:

to have successfully removed it with Malwarebytes, but maybe not after all ...
Please post all logs from Malwarebytes

Karin49ers 26.11.2011 14:24

Hello Arne, thank you very much already for your reply, here are the collected files:
Best regards, Karin49ers


Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8184

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.11.2011 21:22:57
mbam-log-2011-11-23 (21-22-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 187445
Laufzeit: 3 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8226

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.11.2011 21:25:22
mbam-log-2011-11-23 (21-25-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 189013
Laufzeit: 1 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8226

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.11.2011 23:18:50
mbam-log-2011-11-23 (23-18-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 181993
Laufzeit: 1 Stunde(n), 53 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8239

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

25.11.2011 20:25:56
mbam-log-2011-11-25 (20-25-56).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 187590
Laufzeit: 5 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8245

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

26.11.2011 13:34:52
mbam-log-2011-11-26 (13-34-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 413224
Laufzeit: 2 Stunde(n), 23 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

21:15:19 Christian ERROR IsValidLicenseKey failed with error code 13
21:15:19 Christian MESSAGE Protection stopped
23:44:47 Christian ERROR IsValidLicenseKey failed with error code 13
23:44:48 Christian MESSAGE Protection stopped

10:40:43 Christian ERROR IsValidLicenseKey failed with error code 13
10:40:43 Christian MESSAGE Protection stopped

20:05:50 Christian ERROR IsValidLicenseKey failed with error code 13
20:05:50 Christian MESSAGE Protection stopped

10:53:10 (null) ERROR IsValidLicenseKey failed with error code 13
10:53:10 (null) MESSAGE Protection stopped
13:59:42 (null) ERROR IsValidLicenseKey failed with error code 13
13:59:42 (null) MESSAGE Protection stopped

cosinus 26.11.2011 14:25

So what did Malwarebytes actually delete? You have only posted logs without any findings.

Karin49ers 26.11.2011 14:43

Hello Arne, unfortunately Malwarebytes apparently no longer has that log file. As I said, it must have been about 3-4 weeks ago: first a message appeared that something had been quarantined, and after that I deleted it; immediately afterwards the BKA Trojan was gone. Then in the following week the page redirection started; there too Malwarebytes found something, and when I tested afterwards the redirection problem was also gone, but after a restart it was back again. Sorry, I can't describe it any better.
Best regards, Karin49ers

cosinus 26.11.2011 15:23

Why don't you just take a look in the Logs tab? Malwarebytes stores all log files there and does not delete them either.

Karin49ers 27.11.2011 09:59

Sorry, it seems McAfee was the rescuer back then after all; I have attached the log in the file.
There are no further logs from Malwarebytes; I copied in everything that was in the Logs tab.
Best regards, Karin49ers

cosinus 27.11.2011 11:57

Please also run ESET, then we'll see where to go from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Karin49ers 27.11.2011 18:17

Hello Arne,
here is the content of log.txt

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=16bade026e08174f89fe7f9d55708dea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-27 05:14:34
# local_time=2011-11-27 06:14:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 852181 22895950 0 0
# compatibility_mode=5893 16776574 100 94 3260168 74037956 0 0
# compatibility_mode=8192 67108863 100 0 3747 3747 0 0
# scanned=250066
# found=0
# cleaned=0
# scan_time=5968

cosinus 28.11.2011 11:00

Please create a new OTL log

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Karin49ers 29.11.2011 19:46

Hello Arne, here is the requested OTL text:
Best regards, karin49ers

OTL Logfile:
Code:

OTL logfile created on: 29.11.2011 18:54:16 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,57 Gb Available Physical Memory | 76,21% Memory free
11,99 Gb Paging File | 9,91 Gb Available in Paging File | 82,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 275,69 Gb Free Space | 61,12% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.25 20:36:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.09.10 19:08:26 | 000,347,008 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\GameXN\GameXNGO.exe
PRC - [2011.07.16 10:56:22 | 000,024,992 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2011.07.16 10:52:16 | 000,282,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
PRC - [2011.04.14 17:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.04.14 07:22:08 | 012,036,968 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
PRC - [2011.03.09 13:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.02.09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.06.25 03:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.06.24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.06.19 04:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.06.09 17:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.06.05 02:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.23 23:45:58 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.10.15 13:21:33 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll
MOD - [2011.10.15 13:19:17 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll
MOD - [2011.10.15 09:27:39 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011.10.13 18:13:54 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a512243ee9900e621fb8cd990a9c679d\System.Web.Services.ni.dll
MOD - [2011.10.13 18:12:49 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.13 18:12:35 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.13 18:12:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.13 18:11:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.13 18:11:46 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.13 18:10:39 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.10.13 09:30:44 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011.10.13 09:30:39 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011.10.13 09:30:37 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
MOD - [2011.10.13 09:30:32 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
MOD - [2011.10.13 09:30:23 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
MOD - [2011.10.13 09:30:22 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011.10.13 09:30:19 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011.10.13 09:30:12 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011.10.03 04:05:36 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.14 17:40:02 | 001,874,904 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.02.09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010.02.09 12:34:00 | 000,365,888 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
MOD - [2010.02.09 12:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010.02.09 12:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010.02.09 12:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010.02.09 12:34:00 | 000,046,400 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
MOD - [2010.02.09 12:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
MOD - [2009.09.11 19:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009.06.19 04:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.10.18 17:01:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011.10.18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011.10.18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009.06.29 05:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.06.25 11:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.08.31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.16 10:56:22 | 000,024,992 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2011.07.16 10:56:18 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011.03.09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.09 17:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.06.05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011.10.15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011.10.15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011.10.15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011.10.15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011.10.15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011.10.15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011.10.15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.08.31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.29 05:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.06.25 12:26:10 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.25 12:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.14 01:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2009.05.08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008.05.14 19:31:58 | 000,644,608 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008.05.14 19:31:32 | 000,352,384 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV - [2011.10.06 01:47:34 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV - [2009.12.09 18:06:26 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011.11.17 20:51:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.17 20:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2009.12.09 17:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2009.12.09 17:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.10.26 20:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kmfc5jwi.default\extensions
[2011.10.26 20:37:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kmfc5jwi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.10.28 21:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.28 21:36:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.06.24 19:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.06.24 19:57:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.11.17 20:51:42 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2011.04.14 17:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.31 19:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20111117204822.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files (x86)\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111117204822.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files (x86)\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files (x86)\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [GameXN] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{814C7127-B6BE-46F5-BAD2-4DD61DE5EDF1}: DhcpNameServer = 172.168.1.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9951588-326A-43DF-965E-E0EA04AC8E46}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\toolbarchrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - C:\Program Files (x86)\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: mfevtp - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.29 18:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.11.27 16:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.27 16:31:18 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2011.11.27 11:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.26 13:10:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.25 21:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.11.25 20:35:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011.11.23 21:58:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Microsoft Help
[2011.11.20 17:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.20 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.13 09:48:53 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\fltk.org
[2011.11.10 19:37:05 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Subversion
[2011.11.10 19:35:05 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.11.10 19:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011.11.10 19:35:04 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.11.10 19:35:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\flightgear.org
[2011.11.10 19:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlightGear 2.4.0
[2011.11.10 19:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlightGear 2.4.0
[2011.11.06 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\ArcSoft
[2011.11.06 14:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2011.11.06 14:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression 2
[2011.11.06 14:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2011.11.06 14:25:06 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2011.11.06 14:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2011.11.06 14:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2011.11.06 14:24:44 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\ArcSoft
[2011.11.05 09:03:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\UpdateTemp1655981977
[2009.12.07 21:19:08 | 008,656,832 | ---- | C] (Dell, Inc.                                                  ) -- C:\Users\Christian\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Users\Christian\Documents\*.tmp files -> C:\Users\Christian\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.29 18:56:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.29 18:48:58 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.29 18:48:58 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.29 18:40:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.29 18:40:33 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011.11.29 18:40:19 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.11.29 18:40:19 | 000,000,326 | -HS- | M] () -- C:\Windows\tasks\siaxtmmr.job
[2011.11.29 18:40:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.29 18:40:07 | 534,003,711 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.27 18:00:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Christian.job
[2011.11.27 16:31:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2011.11.27 11:00:30 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.27 09:28:10 | 000,177,968 | ---- | M] () -- C:\Users\Christian\Documents\mcaffee.xps
[2011.11.25 20:36:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011.11.25 20:34:48 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger(2).exe
[2011.11.25 20:31:03 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable
[2011.11.23 23:41:12 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.11.23 22:10:00 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.23 22:10:00 | 000,654,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.23 22:10:00 | 000,616,030 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.23 22:10:00 | 000,130,028 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.23 22:10:00 | 000,106,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.20 21:23:40 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.11.20 17:54:20 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.20 17:46:49 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.11.16 16:06:41 | 000,000,000 | ---- | M] () -- C:\Users\Christian\AppData\Local\{29A8259F-3B92-4127-9439-25A8622477AE}
[2011.11.10 19:35:05 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.11.10 19:35:04 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.11.10 19:34:59 | 000,001,224 | ---- | M] () -- C:\Users\Christian\Desktop\FlightGear 2.4.0.lnk
[2011.11.10 18:52:12 | 000,076,248 | ---- | M] () -- C:\Users\Christian\Documents\skype-extras (jobstimuc).support
[2011.11.09 14:37:52 | 000,388,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.06 14:26:59 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression 2.lnk
[2011.11.06 14:12:26 | 000,000,000 | ---- | M] () -- C:\Users\Christian\AppData\Local\{CC95D50E-6180-48EB-AED6-3D492E062551}
[1 C:\Users\Christian\Documents\*.tmp files -> C:\Users\Christian\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.27 11:00:30 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.27 09:28:09 | 000,177,968 | ---- | C] () -- C:\Users\Christian\Documents\mcaffee.xps
[2011.11.25 20:34:48 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger(2).exe
[2011.11.25 20:31:03 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable
[2011.11.20 17:54:20 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.20 17:46:49 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.11.16 16:06:41 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\{29A8259F-3B92-4127-9439-25A8622477AE}
[2011.11.10 19:34:59 | 000,001,224 | ---- | C] () -- C:\Users\Christian\Desktop\FlightGear 2.4.0.lnk
[2011.11.10 18:52:04 | 000,076,248 | ---- | C] () -- C:\Users\Christian\Documents\skype-extras (jobstimuc).support
[2011.11.06 14:26:59 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression 2.lnk
[2011.11.06 14:12:26 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\{CC95D50E-6180-48EB-AED6-3D492E062551}
[2011.10.20 23:51:04 | 000,061,952 | RHS- | C] () -- C:\Windows\SysWow64\QuickTime2.dll
[2011.10.17 20:32:11 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\{13A9B3B3-C225-4F35-BB87-5C8D22D6C592}
[2011.10.16 16:33:56 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\{0649EC31-ACB7-4A75-93FD-4793D00B6F3C}
[2011.09.14 20:27:42 | 000,000,008 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\019wi1f4epltx3bi.dat
[2011.08.15 17:39:56 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\{2E834998-BA48-486C-B398-231F00118E0E}
[2011.05.11 18:55:31 | 000,003,584 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.12 16:05:15 | 005,640,880 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2009.12.12 16:05:15 | 000,015,347 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2009.12.12 12:09:39 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009.12.12 12:08:05 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.09 18:07:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.12.09 17:54:46 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.12.07 19:57:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.01 14:55:11 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009.12.01 07:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2009.12.07 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon
[2011.11.10 20:07:33 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\flightgear.org
[2011.11.13 09:48:53 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\fltk.org
[2011.06.17 17:28:58 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GARMIN
[2011.11.29 18:41:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\go
[2010.03.14 18:46:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MAGIX
[2010.12.13 19:35:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PCDr
[2010.06.19 15:37:53 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PTV AG
[2011.08.15 09:19:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung
[2011.11.10 19:37:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Subversion
[2009.12.09 17:37:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TomTom
[2011.11.05 09:03:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\UpdateTemp1655981977
[2011.11.23 23:41:12 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.09.21 18:23:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.29 18:40:19 | 000,000,326 | -HS- | M] () -- C:\Windows\Tasks\siaxtmmr.job
[2011.11.29 18:40:19 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.12.12 16:05:16 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AccurateRip
[2009.12.12 11:48:33 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Adobe
[2011.11.26 14:17:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apple Computer
[2011.11.06 14:28:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ArcSoft
[2009.12.07 19:00:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ATI
[2009.12.07 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon
[2011.04.09 09:29:45 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Creative
[2010.03.14 19:43:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\CyberLink
[2011.05.26 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Dell
[2011.11.10 20:07:33 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\flightgear.org
[2011.11.13 09:48:53 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\fltk.org
[2011.06.17 17:28:58 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GARMIN
[2011.11.29 18:41:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\go
[2009.12.07 19:17:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Google
[2009.12.07 18:59:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Identities
[2009.12.07 19:01:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Macromedia
[2010.03.14 18:46:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MAGIX
[2011.09.14 21:04:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Center Programs
[2011.08.18 22:17:34 | 000,000,000 | --SD | M] -- C:\Users\Christian\AppData\Roaming\Microsoft
[2011.06.24 19:57:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla
[2010.12.13 19:35:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PCDr
[2010.06.19 15:37:53 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PTV AG
[2009.12.07 19:00:06 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Roxio
[2011.08.15 09:19:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung
[2011.11.29 18:54:29 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Skype
[2011.11.29 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\skypePM
[2011.11.10 19:37:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Subversion
[2009.12.09 17:37:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TomTom
[2011.11.05 09:03:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\UpdateTemp1655981977
[2010.12.30 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WinRAR
[2011.05.11 18:55:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2010.04.30 18:06:40 | 008,656,832 | ---- | M] (Dell, Inc.                                                  ) -- C:\Users\Christian\AppData\Roaming\DataSafeDotNet.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.10.20 23:51:04 | 000,061,952 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\QuickTime2.dll

< End of report >

--- --- ---

Karin49ers 29.11.2011 19:49

Sorry, posted twice.

cosinus 30.11.2011 09:41

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
[2011.10.26 20:37:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kmfc5jwi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.06.24 19:57:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files (x86)\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files (x86)\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe File not found
[2011.11.29 18:40:19 | 000,000,326 | -HS- | M] () -- C:\Windows\tasks\siaxtmmr.job
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system!

Karin49ers 02.12.2011 19:05

Hello Arne, I haven't done it yet because McAfee has now spat something out again:

namely PWS-Spyeye!conf again. Do you need a screenshot, or should I just carry out your last post?

Regards, Karin

cosinus 02.12.2011 20:08

Post the log for that!!

Karin49ers 04.12.2011 11:01

Hello Arne,
here are the new logs,
thank you

cosinus 04.12.2011 19:14

The files are broken.
Please don't save plain text in MS Office files, that makes no sense! For plain text, use editors such as Windows' built-in Notepad or the better editor Notepad++.

Karin49ers 08.12.2011 17:18

Hello Arne,

here is the log via Notepad.

The other file was only the screenshot from McAfee.

Regards, Karin

Sicherheitsbericht Dezember 4, 2011
Ihr Abonnement ist aktiv. Ihr Abonnement läuft in 369 Tagen ab.
Lizenz Lizenzen:1
Aktualisieren Letzte Aktualisierung:04.12.2011 09:56 Nächste Aktualisierung:04.12.2011 14:52
Scan-Bericht Letzter Scan:23.11.2011 23:39 Typ:Schnellscan Gescannte Elemente gesamt:5810
Scan-Aktivität Schnell:2 Vollständig:6 Benutzerdefiniert:0 Geplant:8 Rechtsklick:0 Neustart:0
Firewall Gesamtaktivität Zugelassene Programme:1203 Blockierte Programme:0 Entdeckte Eindringungsversuche:0 Risikoreiche Verbindungen versucht:0 Risikoreiche Verbindungen zugelassen:0 Risikoreiche Verbindungen blockiert:0
Anti-Spam Aktivitäten in den letzten 30 Tagen Gefilterte Spam-Nachrichten:0 Empfangene saubere Nachrichten:0

Entdeckte Elemente Viren:0 Trojaner:12 Rootkits:0 Verfolgungs-Cookies:6370 Buffer Overflows:0 Potentiell unerwünschte Programme:0
QuickClean Gesamtzahl der entfernten Elemente: 5032 Papierkorb:2 Temporäre Dateien:3625 Registrierung:307 Andere Systemdateien:26 Internet Explorer:23 Firefox:0 Chrome:0 Outlook:0 Windows Mail:0
Shredder Geschredderte Elemente gesamt:0
Mein Heimnetzwerk Entdeckte Eindringlinge:0 Vertrauensbeziehungen:0 Erkannte Probleme:0 Behobene Probleme:0

cosinus 08.12.2011 17:24

Go ahead and run the OTL fix.

Karin49ers 08.12.2011 17:55

Hello Arne,

here are the logs, after the restart:

All processes killed
========== OTL ==========
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kmfc5jwi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kmfc5jwi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kmfc5jwi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kmfc5jwi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kmfc5jwi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kmfc5jwi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5B291E6C-9A74-4034-971B-A4B007A0B315} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B291E6C-9A74-4034-971B-A4B007A0B315}\ deleted successfully.
C:\Program Files (x86)\RadioBar\toolbar.ni.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5B291E6C-9A74-4034-971B-A4B007A0B315} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B291E6C-9A74-4034-971B-A4B007A0B315}\ not found.
File C:\Program Files (x86)\RadioBar\toolbar.ni.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
C:\Windows\Tasks\siaxtmmr.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anna
->Temp folder emptied: 1211322 bytes
->Temporary Internet Files folder emptied: 400739 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 158578896 bytes
->Flash cache emptied: 1600 bytes

User: Christian
->Temp folder emptied: 9794054 bytes
->Temporary Internet Files folder emptied: 16506965 bytes
->Java cache emptied: 228479 bytes
->FireFox cache emptied: 243882935 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2396 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2522 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 411,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12082011_174418

Files\Folders moved on Reboot...
File\Folder C:\Users\Christian\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\64CV6YBX\4;j1=4;i0=3;n0=4;n1=3;a0=0;a1=1;b8=1;c0=2;c1=2;c2=2;d7=2;e8=0;f6=2;g1=1;g4=2;g5=2;ct=0;ct_s=1;z1=2;z2=2;ct_y=1;x9=1;x1=0;x5 =1;x3=1;x7=1;k6=0;x8=1;k8=1;x4=1;x6=1;x2=0[10].js not found!
File\Folder C:\Users\Christian\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\64CV6YBX\4;j1=4;i0=3;n0=4;n1=3;a0=0;a1=1;b8=1;c0=2;c1=2;c2=2;d7=2;e8=0;f6=2;g1=1;g4=2;g5=2;ct=0;ct_s=1;z1=2;z2=2;ct_y=1;x9=1;x1=0;x5 =1;x3=1;x7=1;k6=0;x8=1;k8=1;x4=1;x6=1;x2=0[11].js not found!
File\Folder C:\Users\Christian\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\5WMT1BHE\4;j1=4;i0=3;n0=4;n1=3;a0=0;a1=1;b8=1;c0=2;c1=2;c2=2;d7=2;e8=0;f6=2;g1=1;g4=2;g5=2;ct=0;ct_s=1;z1=2;z2=2;ct_y=1;x9=1;x1=0;x5 =1;x3=1;x7=1;k6=0;x8=1;k8=1;x4=1;x6=1;x2=0[10].js not found!
File\Folder C:\Users\Christian\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3MGXPS8R\4;j1=4;i0=3;n0=4;n1=3;a0=0;a1=1;b8=1;c0=2;c1=2;c2=2;d7=2;e8=0;f6=2;g1=1;g4=2;g5=2;ct=0;ct_s=1;z1=2;z2=2;ct_y=1;x9=1;x1=0;x5 =1;x3=1;x7=1;k6=0;x8=1;k8=1;x4=1;x6=1;x2=0[10].js not found!
File\Folder C:\Users\Christian\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3MGXPS8R\4;j1=4;i0=3;n0=4;n1=3;a0=0;a1=1;b8=1;c0=2;c1=2;c2=2;d7=2;e8=0;f6=2;g1=1;g4=2;g5=2;ct=0;ct_s=1;z1=2;z2=2;ct_y=1;x9=1;x1=0;x5 =1;x3=1;x7=1;k6=0;x8=1;k8=1;x4=1;x6=1;x2=0[11].js not found!
C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 08.12.2011 20:56

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Karin49ers 10.12.2011 10:39

Hello Arne, here is the report from the Kaspersky tool.
The funny thing, by the way, is that the redirect now only happens on the first click on a link in Google; if I then go back and click again, it works again.
Regards, Karin

10:35:35.0735 3048 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
10:35:37.0739 3048 ============================================================
10:35:37.0739 3048 Current date / time: 2011/12/10 10:35:37.0739
10:35:37.0739 3048 SystemInfo:
10:35:37.0740 3048
10:35:37.0740 3048 OS Version: 6.1.7601 ServicePack: 1.0
10:35:37.0740 3048 Product type: Workstation
10:35:37.0740 3048 ComputerName: CHRISTIAN-PC
10:35:37.0741 3048 UserName: Christian
10:35:37.0741 3048 Windows directory: C:\Windows
10:35:37.0741 3048 System windows directory: C:\Windows
10:35:37.0741 3048 Running under WOW64
10:35:37.0741 3048 Processor architecture: Intel x64
10:35:37.0741 3048 Number of processors: 2
10:35:37.0741 3048 Page size: 0x1000
10:35:37.0741 3048 Boot type: Normal boot
10:35:37.0741 3048 ============================================================
10:35:38.0146 3048 Initialize success
10:36:21.0274 1500 ============================================================
10:36:21.0274 1500 Scan started
10:36:21.0274 1500 Mode: Manual; SigCheck; TDLFS;
10:36:21.0274 1500 ============================================================
10:36:46.0111 1500 pcw - ok
10:36:46.0146 1500 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:36:46.0240 1500 PEAUTH - ok
10:36:46.0396 1500 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:36:46.0538 1500 PptpMiniport - ok
10:36:46.0577 1500 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:36:46.0647 1500 Processor - ok
10:36:46.0790 1500 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:36:46.0858 1500 Psched - ok
10:36:46.0911 1500 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:36:46.0989 1500 PxHlpa64 - ok
10:36:47.0083 1500 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:36:47.0196 1500 ql2300 - ok
10:36:47.0238 1500 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:36:47.0276 1500 ql40xx - ok
10:36:47.0352 1500 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:36:47.0404 1500 QWAVEdrv - ok
10:36:47.0439 1500 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:36:47.0507 1500 RasAcd - ok
10:36:47.0655 1500 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:36:47.0698 1500 RasAgileVpn - ok
10:36:47.0747 1500 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:36:47.0860 1500 Rasl2tp - ok
10:36:47.0906 1500 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:36:48.0011 1500 RasPppoe - ok
10:36:48.0045 1500 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:36:48.0107 1500 RasSstp - ok
10:36:48.0145 1500 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:36:48.0269 1500 rdbss - ok
10:36:48.0311 1500 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:36:48.0397 1500 rdpbus - ok
10:36:48.0420 1500 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:36:48.0500 1500 RDPCDD - ok
10:36:48.0547 1500 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:36:48.0627 1500 RDPENCDD - ok
10:36:48.0655 1500 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:36:48.0714 1500 RDPREFMP - ok
10:36:48.0755 1500 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:36:48.0849 1500 RDPWD - ok
10:36:48.0923 1500 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:36:49.0004 1500 rdyboost - ok
10:36:49.0188 1500 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:36:49.0255 1500 rspndr - ok
10:36:49.0313 1500 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
10:36:49.0383 1500 RSUSBSTOR - ok
10:36:49.0555 1500 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:36:49.0615 1500 sbp2port - ok
10:36:49.0667 1500 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:36:49.0778 1500 scfilter - ok
10:36:49.0856 1500 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:36:49.0917 1500 secdrv - ok
10:36:49.0961 1500 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:36:50.0026 1500 Serenum - ok
10:36:50.0042 1500 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:36:50.0069 1500 Serial - ok
10:36:50.0119 1500 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:36:50.0146 1500 sermouse - ok
10:36:50.0174 1500 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:36:50.0216 1500 sffdisk - ok
10:36:50.0246 1500 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:36:50.0305 1500 sffp_mmc - ok
10:36:50.0332 1500 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:36:50.0441 1500 sffp_sd - ok
10:36:50.0515 1500 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:36:50.0580 1500 sfloppy - ok
10:36:50.0725 1500 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:36:50.0762 1500 SiSRaid2 - ok
10:36:50.0784 1500 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:36:50.0803 1500 SiSRaid4 - ok
10:36:50.0819 1500 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:36:50.0901 1500 Smb - ok
10:36:50.0958 1500 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:36:50.0981 1500 spldr - ok
10:36:51.0040 1500 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:36:51.0176 1500 srv - ok
10:36:51.0320 1500 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:36:51.0437 1500 srv2 - ok
10:36:51.0534 1500 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:36:51.0651 1500 srvnet - ok
10:36:51.0797 1500 StarOpen - ok
10:36:51.0867 1500 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:36:51.0903 1500 stexstor - ok
10:36:51.0980 1500 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
10:36:52.0066 1500 STHDA - ok
10:36:52.0196 1500 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:36:52.0232 1500 swenum - ok
10:36:52.0305 1500 SynTP (3178b56219e0e4fb5f95299e49b83b44) C:\Windows\system32\DRIVERS\SynTP.sys
10:36:52.0371 1500 SynTP - ok
10:36:52.0496 1500 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:36:52.0694 1500 Tcpip - ok
10:36:52.0881 1500 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:36:52.0926 1500 TCPIP6 - ok
10:36:52.0975 1500 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:36:53.0091 1500 tcpipreg - ok
10:36:53.0141 1500 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:36:53.0214 1500 TDPIPE - ok
10:36:53.0226 1500 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:36:53.0303 1500 TDTCP - ok
10:36:53.0368 1500 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:36:53.0507 1500 tdx - ok
10:36:53.0554 1500 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:36:53.0615 1500 TermDD - ok
10:36:53.0812 1500 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:36:53.0932 1500 tssecsrv - ok
10:36:54.0003 1500 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:36:54.0119 1500 TsUsbFlt - ok
10:36:54.0246 1500 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:36:54.0320 1500 tunnel - ok
10:36:54.0364 1500 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:36:54.0398 1500 uagp35 - ok
10:36:54.0444 1500 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:36:54.0580 1500 udfs - ok
10:36:54.0623 1500 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:36:54.0642 1500 uliagpkx - ok
10:36:54.0705 1500 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:36:54.0763 1500 umbus - ok
10:36:54.0825 1500 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:36:54.0891 1500 UmPass - ok
10:36:55.0065 1500 USB28xxBGA (83a8e901d342edc34f49297a275ef656) C:\Windows\system32\DRIVERS\emBDA64.sys
10:36:55.0224 1500 USB28xxBGA - ok
10:36:55.0294 1500 USB28xxOEM (12a76e167571246d2cc862dda13894f6) C:\Windows\system32\DRIVERS\emOEM64.sys
10:36:55.0373 1500 USB28xxOEM - ok
10:36:55.0428 1500 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:36:55.0581 1500 USBAAPL64 - ok
10:36:55.0698 1500 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:36:55.0780 1500 usbaudio - ok
10:36:55.0829 1500 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:36:55.0956 1500 usbccgp - ok
10:36:56.0056 1500 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:36:56.0101 1500 usbcir - ok
10:36:56.0175 1500 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:36:56.0334 1500 usbehci - ok
10:36:56.0428 1500 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:36:56.0557 1500 usbhub - ok
10:36:56.0611 1500 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:36:56.0710 1500 usbohci - ok
10:36:56.0753 1500 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:36:56.0821 1500 usbprint - ok
10:36:56.0855 1500 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:36:56.0987 1500 USBSTOR - ok
10:36:57.0009 1500 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
10:36:57.0090 1500 usbuhci - ok
10:36:57.0133 1500 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:36:57.0243 1500 usbvideo - ok
10:36:57.0365 1500 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:36:57.0397 1500 vdrvroot - ok
10:36:57.0441 1500 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:36:57.0482 1500 vga - ok
10:36:57.0506 1500 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:36:57.0595 1500 VgaSave - ok
10:36:57.0640 1500 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:36:57.0712 1500 vhdmp - ok
10:36:57.0759 1500 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:36:57.0791 1500 viaide - ok
10:36:57.0841 1500 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:36:57.0899 1500 volmgr - ok
10:36:57.0959 1500 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:36:57.0995 1500 volmgrx - ok
10:36:58.0016 1500 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:36:58.0081 1500 volsnap - ok
10:36:58.0135 1500 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:36:58.0176 1500 vsmraid - ok
10:36:58.0202 1500 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:36:58.0262 1500 vwifibus - ok
10:36:58.0280 1500 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:36:58.0312 1500 WacomPen - ok
10:36:58.0430 1500 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:36:58.0549 1500 WANARP - ok
10:36:58.0554 1500 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:36:58.0594 1500 Wanarpv6 - ok
10:36:58.0645 1500 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:36:58.0684 1500 Wd - ok
10:36:58.0739 1500 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:36:58.0771 1500 Wdf01000 - ok
10:36:58.0822 1500 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:36:58.0884 1500 WfpLwf - ok
10:36:58.0907 1500 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:36:58.0923 1500 WIMMount - ok
10:36:59.0008 1500 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:36:59.0103 1500 WinUsb - ok
10:36:59.0231 1500 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:36:59.0263 1500 WmiAcpi - ok
10:36:59.0423 1500 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:36:59.0514 1500 ws2ifsl - ok
10:36:59.0570 1500 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:36:59.0710 1500 WudfPf - ok
10:36:59.0768 1500 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:36:59.0922 1500 WUDFRd - ok
10:36:59.0977 1500 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
10:37:00.0111 1500 yukonw7 - ok
10:37:00.0155 1500 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
10:37:00.0298 1500 \Device\Harddisk0\DR0 - ok
10:37:00.0302 1500 Boot (0x1200) (49eafd031814bcbe5250944ddd9122a6) \Device\Harddisk0\DR0\Partition0
10:37:00.0303 1500 \Device\Harddisk0\DR0\Partition0 - ok
10:37:00.0339 1500 Boot (0x1200) (33d9e4bc4eef2f7389178ece33078aa3) \Device\Harddisk0\DR0\Partition1
10:37:00.0341 1500 \Device\Harddisk0\DR0\Partition1 - ok
10:37:00.0341 1500 ============================================================
10:37:00.0341 1500 Scan finished
10:37:00.0341 1500 ============================================================
10:37:00.0359 5176 Detected object count: 0
10:37:00.0359 5176 Actual detected object count: 0

cosinus 10.12.2011 13:28

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Karin49ers 16.12.2011 21:02

Hello Arne, here is the log from ComboFix:

ComboFix log file:
Code:

ComboFix 11-12-16.01 - Christian 16.12.2011  19:58:57.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6140.4364 [GMT 1:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\msshavc.Bin
C:\System
c:\users\Christian\Documents\~WRL0003.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-16 bis 2011-12-16  ))))))))))))))))))))))))))))))
.
.
2011-12-16 19:40 . 2011-12-16 19:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-16 19:40 . 2011-12-16 19:40        --------        d-----w-        c:\users\Anna\AppData\Local\temp
2011-12-15 20:02 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-15 20:02 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-12-15 20:02 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-15 20:02 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-12-08 18:29 . 2011-12-08 18:28        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-12-08 18:29 . 2011-12-08 18:28        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-12-08 18:28 . 2011-12-08 18:28        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-12-08 18:28 . 2011-12-08 18:28        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-12-08 18:28 . 2011-12-08 18:28        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-12-08 18:28 . 2011-12-08 18:28        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-12-08 18:28 . 2011-12-08 18:28        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-12-08 18:28 . 2011-12-08 18:28        --------        d-----w-        c:\program files (x86)\QuickTime
2011-12-08 18:22 . 2011-12-08 18:22        --------        d-----w-        c:\program files\iPod
2011-12-08 18:22 . 2011-12-08 18:23        --------        d-----w-        c:\program files\iTunes
2011-12-08 18:11 . 2011-12-08 18:11        --------        d-----w-        c:\users\Anna\AppData\Local\Apple
2011-12-08 16:44 . 2011-12-08 16:44        --------        d-----w-        C:\_OTL
2011-12-04 09:15 . 2011-12-04 09:15        --------        d-----w-        c:\program files\7-Zip
2011-11-27 15:32 . 2011-11-27 15:32        --------        d-----w-        c:\program files (x86)\ESET
2011-11-25 20:23 . 2011-11-27 09:28        --------        d-----w-        c:\program files (x86)\7-Zip
2011-11-23 20:58 . 2011-11-23 20:58        --------        d-----w-        c:\users\Christian\AppData\Local\Microsoft Help
2011-11-20 16:54 . 2011-11-20 16:54        --------        d-----w-        c:\program files\CCleaner
2011-11-17 19:48 . 2011-10-18 13:29        28760        ----a-w-        c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2011-11-17 19:42 . 2010-05-31 18:32        24376        ----a-w-        c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 22:45 . 2011-06-24 19:07        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 18:35 . 2011-11-10 18:35        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2011-11-10 18:35 . 2011-11-10 18:35        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2011-11-10 18:35 . 2011-11-10 18:35        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2011-11-10 18:35 . 2011-11-10 18:35        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
2011-10-15 12:16 . 2010-09-09 07:22        10248        ----a-w-        c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 12:16 . 2010-09-09 07:22        75808        ----a-w-        c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 12:16 . 2010-09-09 07:22        65264        ----a-w-        c:\windows\system32\drivers\cfwids.sys
2011-10-15 12:16 . 2010-09-09 07:22        647080        ----a-w-        c:\windows\system32\drivers\mfehidk.sys
2011-10-15 12:16 . 2010-09-09 07:22        481768        ----a-w-        c:\windows\system32\drivers\mfefirek.sys
2011-10-15 12:16 . 2010-09-09 07:22        284648        ----a-w-        c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 12:16 . 2010-09-09 07:22        229528        ----a-w-        c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 12:16 . 2010-09-09 07:22        160280        ----a-w-        c:\windows\system32\drivers\mfeapfk.sys
2011-10-15 12:16 . 2010-09-09 07:22        100912        ----a-w-        c:\windows\system32\drivers\mferkdet.sys
2011-10-03 03:06 . 2010-04-20 18:01        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-09 12:21        1923952        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 12:21        3144704        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-07 39408]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2011-04-14 12036968]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-10 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-10 347008]
"GameXN"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-10 347008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2011-07-16 282512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0245101324061464mcinstcleanup;McAfee Application Installer Cleanup (0245101324061464);c:\windows\TEMP\024510~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca776ea25ee382;Google Update Service (gupdate1ca776ea25ee382);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-07 133104]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-07 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2011-07-16 27584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-07-16 24992]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-07 18:53]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-07 18:53]
.
2011-11-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-12-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.spiegel.de/
mStart Page = hxxp://de.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} -
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\kmfc5jwi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-16  20:50:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-16 19:50
.
Vor Suchlauf: 15 Verzeichnis(se), 290.059.763.712 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 289.717.780.480 Bytes frei
.
- - End Of File - - 7B154976EE410C2640D66DACB75C9F0B

--- --- ---


Thanks in advance

Best regards
Karin

cosinus 17.12.2011 20:22

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Karin49ers 17.12.2011 21:48

Hello Arne,

here is the new log



aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-17 21:16:37
-----------------------------
21:16:37.058 OS Version: Windows x64 6.1.7601 Service Pack 1
21:16:37.058 Number of processors: 2 586 0x170A
21:16:37.058 ComputerName: CHRISTIAN-PC UserName: Christian
21:16:49.803 Initialize success
21:16:58.196 AVAST engine defs: 11121702
21:17:52.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:17:52.859 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
21:17:52.952 Disk 0 MBR read successfully
21:17:52.968 Disk 0 MBR scan
21:17:52.968 Disk 0 Windows VISTA default MBR code
21:17:52.968 Service scanning
21:17:54.372 Modules scanning
21:17:54.372 Disk 0 trace - called modules:
21:17:54.387 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:17:54.387 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005dde060]
21:17:54.403 3 CLASSPNP.SYS[fffff88001fa443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005923050]
21:17:56.041 AVAST engine scan C:\Windows
21:18:12.967 AVAST engine scan C:\Windows\system32
21:20:58.737 AVAST engine scan C:\Windows\system32\drivers
21:21:15.055 AVAST engine scan C:\Users\Christian
21:34:59.277 AVAST engine scan C:\ProgramData
21:43:43.605 Scan finished successfully
21:44:40.483 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
21:44:40.530 The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"

cosinus 18.12.2011 13:03

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Getting an additional opinion from the ESET online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Karin49ers 21.12.2011 23:08

Hello Arne, here is the SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/21/2011 at 11:06 PM

Application Version : 5.0.1142

Core Rules Database Version : 8077
Trace Rules Database Version: 5889

Scan type : Complete Scan
Total Scan Time : 03:31:07

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned : 837
Memory threats detected : 0
Registry items scanned : 72892
Registry threats detected : 0
File items scanned : 195003
File threats detected : 196

Adware.Tracking Cookie

Trojan.Agent/Gen-FraudPack
C:\PROGRAM FILES (X86)\RAD.ROUTENPLANER. 7.0\BIN\DXBAREXTITEMSD9.BPL

PotentiallyUnwanted.SoftonicDownloader
C:\USERS\CHRISTIAN\DESKTOP\SOFTONICDOWNLOADER_FUER_KASPERSKY-TDSSKILLER.EXE

Karin49ers 21.12.2011 23:12

and Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8403

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20.12.2011 22:52:42
mbam-log-2011-12-20 (22-52-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 425212
Laufzeit: 2 Stunde(n), 20 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Karin49ers 22.12.2011 01:08

and ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=16bade026e08174f89fe7f9d55708dea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-27 05:14:34
# local_time=2011-11-27 06:14:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 852181 22895950 0 0
# compatibility_mode=5893 16776574 100 94 3260168 74037956 0 0
# compatibility_mode=8192 67108863 100 0 3747 3747 0 0
# scanned=250066
# found=0
# cleaned=0
# scan_time=5968
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=16bade026e08174f89fe7f9d55708dea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-21 11:54:33
# local_time=2011-12-22 12:54:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 2949865 24993634 0 0
# compatibility_mode=5893 16776574 100 94 5357852 76135640 0 0
# compatibility_mode=8192 67108863 100 0 2101431 2101431 0 0
# scanned=253002
# found=1
# cleaned=0
# scan_time=5883
C:\Users\Christian\Desktop\SoftonicDownloader_fuer_kaspersky-tdsskiller.exe Win32/SoftonicDownloader application (unable to clean) 00000000000000000000000000000000 I

cosinus 22.12.2011 13:48

Quote:

C:\Users\Christian\Desktop\SoftonicDownloader_fuer_kaspersky-tdsskiller.exe
Why are you downloading TDSS-Killer from Softonic?! :eek: :balla:
Please don't take this the wrong way, but somehow I get the impression that it has become a national sport to download all sorts of stuff from Softonic. There is always some junk in it, like toolbars or the pointless Softonic Downloader. Why don't you download the software from the vendor's site or, if need be, from chip.de?


Otherwise only cookies. Is the computer more or less back in order?

Karin49ers 22.12.2011 15:05

Hello Arne, no, I don't take it the wrong way. Thanks for the hint about Softonic, I'm grateful for every tip for the future!!
No, unfortunately the computer is not in order. Google still redirects via webplains to advertising pages. Please take another look at the SUPERAntiSpyware result: apart from the Softonic item and the cookies, it also reported a Trojan Agent and labelled it "critical".

Regards
Karin49ers

Karin49ers 22.12.2011 15:06

P.S. A follow-up question: should I delete the results found by SUPERAntiSpyware?

cosinus 22.12.2011 18:15

Quote:

it also reported a Trojan Agent and labelled it "critical".
That is a false positive, or is your Rad-Routenplaner a cracked pirated copy? :balla:

Quote:

Google still redirects via webplains to advertising pages
Do you by any chance have a router? If so, was the admin password changed on it?
If not, reset this router to factory settings and reconfigure it. It is important that you change the insecure predefined admin password for the router!

Karin49ers 22.12.2011 21:25

So, I reset everything and then tested on Google whether everything is in order, with this result: Bundespolizei trojan!

Sicherheitsbericht Dezember 22, 2011
Ihr Abonnement ist aktiv. Ihr Abonnement läuft in 351 Tagen ab.
Lizenz Lizenzen:1
Aktualisieren Letzte Aktualisierung:22.12.2011 19:33 Nächste Aktualisierung:23.12.2011 00:29
Scan-Bericht Letzter Scan:22.12.2011 21:17 Typ:Schnellscan Gescannte Elemente gesamt:14240
Scan-Aktivität Schnell:4 Vollständig:8 Benutzerdefiniert:0 Geplant:8 Rechtsklick:0 Neustart:0
Firewall Gesamtaktivität Zugelassene Programme:1316 Blockierte Programme:0 Entdeckte Eindringungsversuche:0 Risikoreiche Verbindungen versucht:0 Risikoreiche Verbindungen zugelassen:0 Risikoreiche Verbindungen blockiert:0
Anti-Spam Aktivitäten in den letzten 30 Tagen Gefilterte Spam-Nachrichten:0 Empfangene saubere Nachrichten:0

misp://reportframe.html/
Entdeckte Elemente Viren:0 Trojaner:16 Rootkits:1 Verfolgungs-Cookies:6375 Buffer Overflows:0 Potentiell unerwünschte Programme:0
Seite 1 von 2
22.12.2011



QuickClean Gesamtzahl der entfernten Elemente: 5032 Papierkorb:2 Temporäre Dateien:3625 Registrierung:307 Andere Systemdateien:26 Internet Explorer:23 Firefox:0 Chrome:0 Outlook:0 Windows Mail:0
Shredder Geschredderte Elemente gesamt:0
Mein Heimnetzwerk Entdeckte Eindringlinge:0 Vertrauensbeziehungen:0 Erkannte Probleme:0 Behobene Probleme:0

Karin49ers 22.12.2011 21:29

Malwarebytes shows this:

troyjanspyeyes.rgen
trojan.zbot.cbc

I can't get to the logfiles folder. It first wants to know whether it should remove the items, and when I go to the main menu it warns me that the scan results will be lost.

What to dooo?

Regards, karin49ers

cosinus 22.12.2011 22:44

Quote:

What to dooo?
I don't know what this question is supposed to mean; it was already made clear enough earlier that you should post the logs.

A description or paraphrase posted by you was not wanted, because it also leaves far too much room for speculation.

PLEASE just POST the LOGS, I simply won't make any further statements about the state of the PC :nixda:

Karin49ers 22.12.2011 22:52

Sorry Arne, but I did post the logfile from McAfee, and I wrote that I can't get to the Malwarebytes "logfiles" folder without it telling me that my scan results will be lost. I think I made it clear that I would gladly post them if I knew how. So now I'll simply untick the boxes for removal and go to logfiles in Malwarebytes.

cosinus 22.12.2011 23:02

It's really quite simple, why are you making it so hard for yourself?

Malwarebytes creates exactly one log for every scan. Have you scanned with Malwarebytes before?
If so, then the logs for every scan are listed in the Logs ("Logdateien") tab. Please post all that are visible there.

Karin49ers 22.12.2011 23:07

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 8403

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

22.12.2011 23:06:36
mbam-log-2011-12-22 (23-06-16).txt

Scan type: Quick scan
Objects scanned: 157091
Time elapsed: 1 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3Y9I3J0H2JWF2C5HBHINKUZZV (Trojan.SpyEyes.RGen) -> Value: 3Y9I3J0H2JWF2C5HBHINKUZZV -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\christian\AppData\Local\Temp\wpbt0.dll (Trojan.Zbot.CBCGen) -> No action taken.

Karin49ers 22.12.2011 23:11

My problem is that I can only go online with the other user account, because on the other one the screen is locked by the Bundespolizei nonsense, and when I go to the old logs from here, they all just look like this:

09:52:34 Christian ERROR IsValidLicenseKey failed with error code 13
09:52:34 Christian MESSAGE Protection stopped
20:24:18 Christian ERROR IsValidLicenseKey failed with error code 13
20:24:18 Christian MESSAGE Protection stopped

cosinus 23.12.2011 16:43

Since this thread has already been in progress for 4 weeks, one can conclude that you are taking quite a lot of time with the cleanup. I simply don't find this sensible any more, and besides I believe that in the meantime you have installed or picked up new junk again.

Quote:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3Y9I3J0H2JWF2C5HBHINKUZZV (Trojan.SpyEyes.RGen)
c:\Users\christian\AppData\Local\Temp\wpbt0.dll (Trojan.Zbot.CBCGen) -> No action taken.
SpyEyes and ZBot...
I think a reinstallation of Windows would make more sense for you than attempting yet another cleanup now, with your response time of four weeks :balla:


All times are WET +1. The time now is 18:37.
