Trojaner-Board


Terminator92 05.04.2012 12:59

White screen + "Please wait while the connection is being established." (Engl. + Ger.)
 
Hello everyone,

I have the problem that has already come up here in the forum several times:
When Windows starts, after the welcome screen there is only a white background with a text in German and English asking you to wait until a connection has been established.

After reading the threads about this known problem, I also downloaded the OTLPE boot CD and ran a scan.

Here is the result:

Code:

OTL logfile created on: 4/4/2012 7:58:47 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: xxxxxxxx | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 68.35 Gb Free Space | 61.14% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 226.00 Gb Free Space | 75.82% Space Free | Partition Type: NTFS
Drive E: | 29.83 Gb Total Space | 26.08 Gb Free Space | 87.42% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2008/10/15 08:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 08:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/27 19:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/08/10 14:56:25 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110903.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/07/22 20:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110812.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys -- (SymEFA)
DRV - [2011/02/04 09:19:34 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110906.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/02/04 09:19:33 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110906.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/02/03 15:46:59 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/02/03 06:53:06 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2011/01/19 02:36:58 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/23 08:51:30 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/09/23 08:50:46 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/09/23 08:50:43 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/09/16 03:43:10 | 004,127,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/11/08 13:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/01/25 20:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006/12/27 19:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2002/07/16 12:58:12 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Patty_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Patty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/02/07 04:18:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_1_3 [2012/04/04 10:10:19 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/02/01 15:43:49 | 000,000,122 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5410b50c-0364-11de-b6af-00016cdd80e6}\Shell - "" = AutoRun
O33 - MountPoints2\{5410b50c-0364-11de-b6af-00016cdd80e6}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{6aa11ed3-e9be-11df-a96a-00016cdd80e6}\Shell\AutoRun\command - "" = K:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/04 10:10:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/04 10:09:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/04 10:09:46 | 000,000,680 | ---- | M] () -- C:\Users\Patty\AppData\Local\d3d9caps.dat
[2012/04/04 10:09:43 | 000,003,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 10:09:43 | 000,003,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 10:09:43 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/04/04 10:00:05 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7A1483EE-1741-4A3F-B023-6DBB32036422}.job
[2012/04/04 09:17:40 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/04/04 09:17:40 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/04 09:17:40 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/04/04 09:17:40 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/04 09:17:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 
========== Files Created - No Company Name ==========
 
[2012/04/04 09:58:26 | 000,000,680 | ---- | C] () -- C:\Users\Patty\AppData\Local\d3d9caps.dat
[2010/12/13 10:40:22 | 000,001,940 | ---- | C] () -- C:\Users\Patty\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/22 11:35:09 | 000,112,070 | ---- | C] () -- C:\Users\Patty\AppData\Roaming\mdbu.bin
[2010/11/19 22:48:51 | 000,000,286 | ---- | C] () -- C:\Windows\HAUSDRCKINST.INI
[2009/09/21 08:58:48 | 000,000,428 | ---- | C] () -- C:\Windows\setup.ini
[2009/09/21 08:58:47 | 000,036,924 | ---- | C] () -- C:\Windows\cmijack.dat
[2009/09/21 08:58:47 | 000,027,408 | ---- | C] () -- C:\Windows\cmijack.ini
[2009/09/21 08:58:47 | 000,020,333 | ---- | C] () -- C:\Windows\cmaudio.dat
[2009/09/21 08:58:47 | 000,018,164 | ---- | C] () -- C:\Windows\cmaudio.ini
[2009/09/21 08:58:47 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2009/09/21 08:58:47 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI
[2009/06/18 12:58:36 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL
[2009/03/04 14:14:53 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/04 14:14:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/25 14:33:53 | 000,004,608 | ---- | C] () -- C:\Users\Patty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/25 14:05:16 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009/02/25 13:00:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/09/10 08:13:50 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2008/01/21 03:15:58 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,253,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/11/20 20:56:08 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\IrfanView
[2009/04/30 13:16:04 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\OpenOffice.org
[2010/11/22 10:35:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Aldi Sued Fotoservice
[2009/02/25 13:06:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/03/04 09:00:12 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/02/25 13:06:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/02/25 13:06:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/02/25 13:06:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/02/25 13:06:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/04/04 10:10:17 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/04 10:00:05 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7A1483EE-1741-4A3F-B023-6DBB32036422}.job
 
========== Purity Check ==========
 
 
< End of report >

I hope you can help me out in the form of a fix :)

Best regards, Terminator92

cosinus 05.04.2012 20:04

Does Safe Mode with Networking still work? With an internet connection?

Safe Mode for cleanup
  • Bring Windows into Safe Mode by pressing the F8 key at startup.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode

Terminator92 06.04.2012 11:34

No, unfortunately not

same symptoms

cosinus 06.04.2012 14:49

The log looks kind of odd; I don't see the typical entries for the blocker in it.
Have you already deleted anything on your own?

Terminator92 06.04.2012 15:49

No, I haven't, but I found my mistake. The PC still had an old HDD in it from another PC that also still had Windows on it -.- ;D

This should now be the "right" log:

Code:

OTL logfile created on: 4/6/2012 7:28:27 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 226.21 Gb Free Space | 75.89% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011/01/26 18:55:24 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () [Auto] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/06/16 23:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009/10/26 07:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/11/14 15:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 11:39:45 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 11:39:45 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/24 10:43:52 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/24 10:43:51 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/09/24 10:13:11 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/23 03:11:20 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20111222.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/21 22:53:36 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/08/21 22:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NIS\1109000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/04 00:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys -- (ccHP)
DRV - [2011/01/26 19:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/26 18:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 08:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/05/30 23:43:16 | 000,252,008 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/26 21:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/26 21:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\NIS\1109000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NIS\1109000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/02 07:27:28 | 001,127,936 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/02/18 03:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010/01/11 07:28:30 | 000,099,952 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009/12/21 20:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NIS\1109000.00C\symds.sys -- (SymDS)
DRV - [2009/08/03 22:28:18 | 000,011,296 | R--- | M] () [Kernel | System] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/05/04 21:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2006/10/18 01:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Patricia_Scharf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Patricia_Scharf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Patricia_Scharf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 B0 4E D1 1B 05 CD 01  [binary data]
IE - HKU\Patricia_Scharf_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Patricia_Scharf_ON_C\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\Patricia_Scharf_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2011/09/28 08:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6 [2012/04/04 10:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/20 09:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/09/24 07:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patricia Scharf\AppData\Roaming\Mozilla\Extensions
[2011/09/25 12:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/25 12:01:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/09/28 08:21:05 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPLGN
[2011/09/25 08:29:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/20 09:00:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 09:00:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/20 09:00:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 09:00:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/20 09:00:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/20 09:00:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/20 09:00:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\Patricia_Scharf_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Patricia_Scharf_ON_C..\Run: [7Rxb5FismTZydeX] C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe ()
O4 - HKU\Patricia_Scharf_ON_C..\Run: [K3aRyluP6SiCkoR] C:\Users\Patricia Scharf\AppData\Roaming\flint4ytw.exe ()
O4 - Startup: C:\Users\Patricia Scharf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Patricia_Scharf_ON_C Winlogon: Shell - (C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe) - C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe ()
O20 - HKU\Patricia_Scharf_ON_C Winlogon: UserInit - (C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe) - C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/31 14:18:51 | 000,000,000 | ---D | C] -- C:\001ff1ab907109e295
[2012/03/18 11:54:43 | 000,000,000 | ---D | C] -- C:\Users\Patricia Scharf\AppData\Local\CrashDumps
[2012/03/14 06:41:32 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 06:41:27 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 06:41:27 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 06:41:27 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 06:41:27 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 06:41:27 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 06:40:16 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/04 10:18:15 | 000,734,596 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/04/04 10:18:15 | 000,627,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/04 10:18:15 | 000,134,000 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/04 10:18:14 | 000,159,344 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/04/04 10:11:30 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 10:11:30 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 10:11:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/04 10:11:21 | 3353,534,464 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 15:14:41 | 000,287,232 | ---- | M] () -- C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe
[2012/03/18 11:51:49 | 000,286,720 | ---- | M] () -- C:\Users\Patricia Scharf\AppData\Roaming\flint4ytw.exe
[2012/03/15 07:21:26 | 000,288,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/04 10:11:20 | 3353,534,464 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/18 15:14:42 | 000,287,232 | ---- | C] () -- C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe
[2012/03/18 11:51:51 | 000,286,720 | ---- | C] () -- C:\Users\Patricia Scharf\AppData\Roaming\flint4ytw.exe
[2011/11/02 10:01:28 | 000,005,632 | ---- | C] () -- C:\Users\Patricia Scharf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/26 09:02:18 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/09/24 10:14:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/09/24 10:14:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/24 10:14:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/09/24 06:58:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/24 06:02:41 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/09/22 14:49:39 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2011/09/22 14:49:39 | 000,011,296 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011/09/22 14:49:37 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2011/09/22 14:49:37 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2011/09/22 14:49:01 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/09/22 14:46:35 | 000,044,650 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/09/22 12:04:40 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011/09/22 12:04:37 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/09/22 12:04:34 | 000,030,974 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/09/22 11:23:21 | 000,000,680 | ---- | C] () -- C:\Users\Patricia Scharf\AppData\Local\d3d9caps.dat
[2011/01/26 18:11:58 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/12/17 12:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009/03/30 02:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe
[2008/01/21 03:15:58 | 000,734,596 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,159,344 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,288,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,627,270 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,134,000 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/09/25 12:06:09 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\OpenOffice.org
[2011/09/26 09:03:12 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Ulead Systems
[2011/09/22 11:21:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/09/24 05:53:20 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS OC Profiles
[2011/09/27 10:36:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/09/22 11:21:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/09/22 11:21:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/09/26 07:20:23 | 000,000,000 | ---D | M] -- C:\ProgramData\InterVideo
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/09/22 11:21:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/09/26 07:15:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/09/22 11:21:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/03/18 13:06:49 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >


cosinus 06.04.2012 15:53

Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O4 - HKU\Patricia_Scharf_ON_C..\Run: [7Rxb5FismTZydeX] C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe ()
O4 - HKU\Patricia_Scharf_ON_C..\Run: [K3aRyluP6SiCkoR] C:\Users\Patricia Scharf\AppData\Roaming\flint4ytw.exe ()
O7 - HKU\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Patricia_Scharf_ON_C Winlogon: Shell - (C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe) - C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe ()
O20 - HKU\Patricia_Scharf_ON_C Winlogon: UserInit - (C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe) - C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012/03/18 15:14:41 | 000,287,232 | ---- | M] () -- C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe
[2012/03/18 11:51:49 | 000,286,720 | ---- | M] () -- C:\Users\Patricia Scharf\AppData\Roaming\flint4ytw.exe
:Commands
[purity]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

After that, Windows should start normally again. Please make OTL's quarantine folder available to us, proceeding as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
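
The entries selected in the fix script above share a few traits that can be checked mechanically when reading an OTL log. The following Python sketch is an added example, not part of the original post and not how OTL or the helper chooses entries; its three rules and all function names are assumptions made for illustration, and the sample lines are copied from the OTLPE log posted in this thread.

```python
import re
from typing import NamedTuple

# Registry-section lines copied from the OTLPE log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Patricia_Scharf_ON_C..\Run: [7Rxb5FismTZydeX] C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe ()
O4 - HKU\Patricia_Scharf_ON_C..\Run: [K3aRyluP6SiCkoR] C:\Users\Patricia Scharf\AppData\Roaming\flint4ytw.exe ()
O7 - HKU\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Patricia_Scharf_ON_C Winlogon: Shell - (C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe) - C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe ()
O20 - HKU\Patricia_Scharf_ON_C Winlogon: UserInit - (C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe) - C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe ()
"""

# Line shapes as they appear in that log (O4 Run, O20 Winlogon, O7 policies).
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$")
O20_WINLOGON = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>Shell|UserInit) - "
    r"\((?P<data>.*)\) - (?P<path>.+) \((?P<company>[^()]*)\)$")
O7_POLICY = re.compile(
    r"^O7 - (?P<key>.+\\policies\\(?:Explorer|System)): "
    r"(?P<value>\w+) = (?P<data>\d+)$", re.IGNORECASE)

# Assumption: a target below a user's AppData folder counts as "in profile".
IN_PROFILE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# The three policy values that appear in the fix script in this thread.
LOCKOUT_POLICIES = {"nodesktop", "disabletaskmgr", "disableregistrytools"}


class Finding(NamedTuple):
    rule: str     # name of the heuristic that fired (names are hypothetical)
    target: str   # file path or policy value the line refers to
    line: str     # the original log line, for pasting into a report


def triage(log_text: str) -> list[Finding]:
    """Return the log lines that match one of three illustrative heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RUN.match(line):
            # Rule 1: autorun with no company name that lives in a user profile.
            if not m["company"].strip() and IN_PROFILE.match(m["path"]):
                findings.append(
                    Finding("autorun-no-vendor-in-profile", m["path"], line))
        elif m := O20_WINLOGON.match(line):
            # Rule 2: Winlogon Shell/UserInit set per user or pointing into a profile.
            if m["hive"].upper().startswith("HKU") or IN_PROFILE.match(m["path"]):
                rule = f"winlogon-{m['value'].lower()}-override"
                findings.append(Finding(rule, m["path"], line))
        elif m := O7_POLICY.match(line):
            # Rule 3: policies that hide the desktop or block Task Manager/regedit.
            if m["value"].lower() in LOCKOUT_POLICIES and m["data"] != "0":
                findings.append(Finding("lockout-policy", m["value"], line))
    return findings


def suspect_files(findings: list[Finding]) -> list[str]:
    """Distinct files referenced by the autorun and Winlogon findings."""
    return sorted({f.target for f in findings if f.rule != "lockout-policy"})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.rule:32} {f.target}")
    print("files to quarantine and hash:", suspect_files(results))
```

A hit is only a prompt for manual review: the xInsIDE.exe autorun also has no company name but is left alone because it does not live in a user profile.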

Terminator92 06.04.2012 16:18

Code:

========== OTL ==========
Registry value HKEY_USERS\Patricia_Scharf_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\7Rxb5FismTZydeX deleted successfully.
C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe moved successfully.
Registry value HKEY_USERS\Patricia_Scharf_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\K3aRyluP6SiCkoR deleted successfully.
C:\Users\Patricia Scharf\AppData\Roaming\flint4ytw.exe moved successfully.
Registry value HKEY_USERS\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe deleted successfully.
File C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe not found.
Registry value HKEY_USERS\Patricia_Scharf_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe deleted successfully.
File C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File C:\Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe not found.
File C:\Users\Patricia Scharf\AppData\Roaming\flint4ytw.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 04062012_201214


cosinus 06.04.2012 16:20

And now? Does Windows start normally again?

Terminator92 06.04.2012 16:28

Yep, it works again!

Thank you!

Best regards, Terminator92

cosinus 06.04.2012 16:36

Ok :) Now, as a matter of routine, run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Terminator92 09.04.2012 18:52

So, ESET Online:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d9de888c3a3312429c34b5e773bde4d6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-09 05:06:42
# local_time=2012-04-09 07:06:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3588 16777214 85 88 15045097 73566391 0 0
# compatibility_mode=5892 16776573 100 100 260704 171519089 0 0
# compatibility_mode=8192 67108863 100 0 86 86 0 0
# scanned=261377
# found=5
# cleaned=0
# scan_time=4840
C:\$Recycle.Bin\S-1-5-21-2138413153-3778864687-1211121035-1000\$RG3YKYI.zip        Mehrere Bedrohungen (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\$Recycle.Bin\S-1-5-21-2138413153-3778864687-1211121035-1000\$RAQ6MZ6\MovedFiles.zip        Mehrere Bedrohungen (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\Patricia Scharf\AppData\Local\Temp\Main.class        Java/Exploit.CVE-2011-3544.BF Trojaner (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\Patricia Scharf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\286d7e25-1f0b65f0        Mehrere Bedrohungen (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\Patricia Scharf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\286d7e25-26761fe8        Mehrere Bedrohungen (Säubern nicht möglich)        00000000000000000000000000000000        I

Malwarebytes:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.07.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Patricia Scharf :: PATRICIA-PC [Administrator]

Schutz: Aktiviert

07.04.2012 14:49:46
mbam-log-2012-04-08 (03-00-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 429213
Laufzeit: 1 Stunde(n), 14 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: c:\users\patricia scharf\appdata\roaming\k8rdift659c.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\$Recycle.Bin\S-1-5-21-2138413153-3778864687-1211121035-1000\$RAQ6MZ6\MovedFiles\04062012_201214\C_Users\Patricia Scharf\AppData\Roaming\flint4ytw.exe (Trojan.Agent.TKH) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-2138413153-3778864687-1211121035-1000\$RAQ6MZ6\MovedFiles\04062012_201214\C_Users\Patricia Scharf\AppData\Roaming\k8rdift659c.exe (Trojan.Agent.TKH) -> Keine Aktion durchgeführt.
C:\Users\Patricia Scharf\AppData\Local\Temp\0.38779871635636565.exe (Trojan.Agent.TKH) -> Keine Aktion durchgeführt.

(Ende)


cosinus 09.04.2012 19:10

Quote:

Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do that now if you haven't done so yet!

Terminator92 09.04.2012 20:26

Oh yes, I did ;)

cosinus 09.04.2012 22:03

I have two questions before we continue

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Terminator92 12.04.2012 12:27

Yes, everything works again without restrictions and there are no empty folders or the like in the Start menu. The only thing I notice is that the update

"Security Update for Windows Vista (KB2378111)"

cannot be installed. All other updates install without restrictions.

With a manual installation of the update, it could be installed :)

cosinus 12.04.2012 15:14

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Terminator92 12.04.2012 16:59

Here is the content of OTL.txt:

Code:

OTL logfile created on: 12.04.2012 17:47:06 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Patricia Scharf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,12 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 81,06% Memory free
6,47 Gb Paging File | 5,39 Gb Available in Paging File | 83,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 221,89 Gb Free Space | 74,44% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 68,70 Gb Free Space | 61,46% Space Free | Partition Type: NTFS
 
Computer Name: PATRICIA-PC | User Name: Patricia Scharf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.12 17:45:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Patricia Scharf\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011.01.27 00:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.07.07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Programme\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.15 04:21:18 | 001,780,224 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.11.10 14:24:22 | 000,105,632 | ---- | M] (Corel) -- C:\Programme\Common Files\Corel\Standby\Standby.exe
PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.12 13:04:01 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\03720d4ccc7abcf2145cf3c01e94ddb9\WindowsFormsIntegration.ni.dll
MOD - [2012.04.12 13:03:02 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll
MOD - [2012.04.12 12:59:05 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012.04.12 12:59:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012.04.12 12:58:51 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e6326da9ba4ba58f72287ad35faa8e09\PresentationFramework.ni.dll
MOD - [2012.04.12 12:58:36 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0e4e06c619563f0ad56db6c3f6168e29\PresentationCore.ni.dll
MOD - [2012.02.23 19:12:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012.02.23 19:12:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012.02.23 18:53:31 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.23 18:52:47 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bc01d91f95947c7f25f3ae4e16db2cb5\System.Core.ni.dll
MOD - [2012.02.23 18:52:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012.02.23 18:52:18 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012.02.23 18:52:15 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011.10.28 14:49:46 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll
MOD - [2011.10.28 14:46:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.01.27 00:11:58 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.01.26 17:48:02 | 000,243,712 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.06.01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2010.03.02 09:30:58 | 064,125,952 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.05.07 10:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 10:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009.03.29 21:42:14 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.29 21:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.24 18:16:58 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.07 14:49:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Programme\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.14 21:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.11.09 17:39:45 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.11.09 17:39:45 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.09.24 16:43:52 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.09.24 16:43:51 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVENG.SYS -- (NAVENG)
DRV - [2011.09.24 16:13:11 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.09.23 09:11:20 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20111222.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011.08.22 04:53:36 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV - [2011.08.22 04:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symefa.sys -- (SymEFA)
DRV - [2011.08.04 06:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\cchpx86.sys -- (ccHP)
DRV - [2011.01.27 01:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.01.27 00:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.17 14:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.05.31 05:43:16 | 000,252,008 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.04.29 07:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\ironx86.sys -- (SymIRON)
DRV - [2010.04.27 03:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.04.27 03:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.04.22 04:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1109000.00C\srtsp.sys -- (SRTSP)
DRV - [2010.04.22 04:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010.03.02 13:27:28 | 001,127,936 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.01.11 13:28:30 | 000,099,952 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.10.15 05:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symds.sys -- (SymDS)
DRV - [2009.08.04 04:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.05.05 03:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2006.10.18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 B0 4E D1 1B 05 CD 01  [binary data]
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\SearchScopes,DefaultScope = {5753BF03-E608-4603-BB15-9BDF15819347}
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\SearchScopes\{3993786B-DF52-4cb1-9846-2A7307B26782}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\SearchScopes\{5753BF03-E608-4603-BB15-9BDF15819347}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2011.09.28 14:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6 [2012.04.12 13:46:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.20 15:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.09.24 13:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patricia Scharf\AppData\Roaming\mozilla\Extensions
[2011.09.25 18:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.25 18:01:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.09.28 14:21:05 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPLGN
[2011.09.25 14:29:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.20 15:00:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.20 15:00:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.20 15:00:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.20 15:00:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.20 15:00:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.20 15:00:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.20 15:00:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.04.07 02:12:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Patricia Scharf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{156F4B96-5530-49E8-B55C-BC95A67221DA}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Patricia Scharf\AppData\Roaming\Microsoft\Windows Photo Gallery\wallpaper3.jpg
O24 - Desktop BackupWallPaper: C:\Users\Patricia Scharf\AppData\Roaming\Microsoft\Windows Photo Gallery\wallpaper3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Programme\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Programme\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.12 17:45:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Patricia Scharf\Desktop\OTL.exe
[2012.04.09 17:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.07 14:20:19 | 000,000,000 | ---D | C] -- C:\Users\Patricia Scharf\AppData\Roaming\Malwarebytes
[2012.04.07 14:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.07 14:20:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.07 14:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.06 17:34:29 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.03.31 20:18:51 | 000,000,000 | ---D | C] -- C:\001ff1ab907109e295
[2012.03.18 17:54:43 | 000,000,000 | ---D | C] -- C:\Users\Patricia Scharf\AppData\Local\CrashDumps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.12 17:48:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.12 17:45:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Patricia Scharf\Desktop\OTL.exe
[2012.04.12 17:44:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.12 13:51:55 | 000,856,182 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.12 13:51:55 | 000,663,576 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.12 13:51:55 | 000,197,506 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.12 13:51:55 | 000,168,770 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.12 13:46:52 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.12 13:46:52 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.12 13:46:19 | 3353,534,464 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.06 17:17:19 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.03.15 13:21:26 | 000,288,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.07 14:49:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.04 16:11:20 | 3353,534,464 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.02 16:01:28 | 000,005,632 | ---- | C] () -- C:\Users\Patricia Scharf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.26 15:02:18 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.09.24 16:14:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.09.24 16:14:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.09.24 16:14:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.09.24 12:58:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.24 12:02:41 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.22 20:49:39 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2011.09.22 20:49:39 | 000,011,296 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.09.22 20:49:37 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2011.09.22 20:49:37 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2011.09.22 20:49:01 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.09.22 20:46:35 | 000,044,650 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.09.22 18:04:40 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011.09.22 18:04:37 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.09.22 18:04:34 | 000,030,974 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.22 17:23:21 | 000,000,680 | ---- | C] () -- C:\Users\Patricia Scharf\AppData\Local\d3d9caps.dat
[2011.01.27 00:11:58 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.12.17 18:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== LOP Check ==========
 
[2011.09.25 18:06:09 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\OpenOffice.org
[2011.09.26 15:03:12 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Ulead Systems
[2012.04.12 13:45:28 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.21 15:40:40 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Adobe
[2011.09.25 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\ATI
[2011.09.26 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Corel
[2011.09.22 17:23:24 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Identities
[2011.09.24 11:53:30 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Macromedia
[2012.04.07 14:20:19 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Media Center Programs
[2012.03.11 19:21:13 | 000,000,000 | --SD | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Microsoft
[2011.09.24 13:15:53 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Mozilla
[2011.09.25 18:06:09 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\OpenOffice.org
[2011.09.26 15:03:12 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Ulead Systems
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.01.27 00:56:30 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll

< End of report >

An Extras.txt log file with the following contents also opened:

Code:

OTL Extras logfile created on: 12.04.2012 17:47:06 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Patricia Scharf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,12 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 81,06% Memory free
6,47 Gb Paging File | 5,39 Gb Available in Paging File | 83,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 221,89 Gb Free Space | 74,44% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 68,70 Gb Free Space | 61,46% Space Free | Partition Type: NTFS
 
Computer Name: PATRICIA-PC | User Name: Patricia Scharf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2138413153-3778864687-1211121035-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FBD08F7-C0E4-44C4-B1AD-BE60277250EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{1396CD32-CE4B-43AD-AAB8-3BF3AE723685}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E580AA7-BC36-496B-A035-6D16D562AC31}" = lport=445 | protocol=6 | dir=in | app=system |
"{5FA4698E-7084-497A-815A-61D0CA254326}" = lport=137 | protocol=17 | dir=in | app=system |
"{73BA76C7-1524-44B3-9E36-CEBCCFDEFD27}" = rport=139 | protocol=6 | dir=out | app=system |
"{869CBF6E-926F-4D08-871B-23827AFC31B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{9594876E-1E3E-4B66-A0F1-23BB43767B4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9FC228C2-D7B9-44DB-B761-4E85242D9490}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C28E2C82-2A61-460A-BFA6-4F82DC97A2E8}" = rport=137 | protocol=17 | dir=out | app=system |
"{E38964A6-4035-45D6-B9B0-25E7948F2D0E}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F73898C-46C2-44F1-82F5-2431D81E6BED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A8956110-C79B-41D3-96E4-78B53E191D17}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CB957BC9-C2B5-4E62-B62E-B5B0F147972F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FC9812E4-D387-48E4-B425-AE2CA001072E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{AB84BA61-3D10-4782-B52C-A37DB20532E5}" = Corel PaintShop Photo 2010
"{0053CC02-9A68-C88E-6890-0A749DF9BD7B}" = CCC Help Thai
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0805B720-5CD0-143C-E569-149D546A92FA}" = CCC Help Chinese Traditional
"{11B79EBE-12F0-7F67-028C-28763D04522C}" = CCC Help Polish
"{19901F0F-3857-5E46-FF17-9B5653860B75}" = CCC Help Turkish
"{1E6A4185-C2E8-1AB7-6C05-806C015FFE7E}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20DFB114-5520-4BEE-B276-4A4204E1FBB4}" = PureHD
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2747BEA4-A2E1-6513-7524-4DBBC7823E4A}" = CCC Help Chinese Standard
"{2DD9C2F1-CC6E-449D-935B-4111396EF19F}" = MLE
"{2E443D29-FB41-07FB-21E9-852D477570BE}" = CCC Help English
"{307A2BE0-FC2A-5CFB-C948-058D62F4B39D}" = ccc-utility
"{3776754C-4283-DF7D-F28A-0221CD5F07AE}" = CCC Help Russian
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{451D691A-D425-01D3-B1C7-0A3161878ECE}" = CCC Help Hungarian
"{46D19CDC-934A-B652-FC86-C2D4732C6D09}" = AMD Fuel
"{47FDE7DF-E065-EBF3-5CA1-44BB75F05F6A}" = CCC Help Japanese
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{49E54A90-948C-D78B-CECE-9A7B380491F0}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A93AD88-E424-F6A3-5620-697FA89AAD14}" = CCC Help Korean
"{4C6B0067-4399-7F36-4C34-18D861D7662E}" = CCC Help French
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55DE01D1-9E39-292C-8DF8-9F753992D548}" = CCC Help Swedish
"{5A4B0298-6C1A-E615-BE09-D65A63AAB2ED}" = Catalyst Control Center Graphics Previews Common
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{624885E1-2458-4F12-A975-EA368C3523FA}" = DeviceIO
"{6BCD1560-6292-4A70-A808-C0FE414A7DB4}" = Contents
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A497FCE-53D2-8D70-C497-CD5585953F62}" = CCC Help Spanish
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A440AC73-43D1-D096-B7B8-051E4282F330}" = CCC Help Finnish
"{A982D950-FAB9-744E-41BE-285082FF86C2}" = CCC Help Italian
"{AAEB8781-5EBD-4332-B86D-428DE7EF6DA2}" = Setup
"{AB84BA61-3D10-4782-B52C-A37DB20532E5}" = ICA
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B1B96C4D-EDE5-4A47-A4E3-01C3504A812B}" = Corel Style Pack 2010-001
"{B39A18D0-296E-2B41-4CCC-58AF0B772F8E}" = CCC Help Greek
"{C6526EF6-214D-20CC-E8B8-2E79BFC0D11E}" = CCC Help Dutch
"{CA212D9E-EDFB-B0D8-B1D5-05ED5838F6B7}" = ccc-core-static
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8F619D-9919-4C1A-859D-B9F24C2454AD}" = IPM_P
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D95A0957-F389-C180-9660-B48E41FD83D4}" = ATI Catalyst Install Manager
"{DE9069FA-EF9E-25CD-67E7-0242935CCD49}" = HydraVision
"{DEDE10BE-6C0D-6941-95EA-0822D8DE1C90}" = CCC Help Portuguese
"{E0B7F981-EA26-491A-A975-E3AB4748E9FA}" = Share
"{E0EF9C75-60EA-4DFB-A537-2A9E0C2E2056}" = PSPH10
"{E1D8FD24-8CC4-9038-0B15-ADBB922DA352}" = CCC Help Danish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F3FA8952-2C42-452A-BA22-2F7BDEC8D310}" = VIO
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7725A3F-32F6-85C9-1EFA-92C482B35363}" = ATI AVIVO Codecs
"{FA5E8C25-6204-76B9-AB27-866D6A2131C5}" = Catalyst Control Center Localization All
"{FB45F14F-E6F9-796D-86A3-C096B5BEF842}" = CCC Help German
"{FE33F0E4-33DD-E7E9-78CB-507306FD0463}" = Catalyst Control Center InstallProxy
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.11.0
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"NIS" = Norton Internet Security
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.04.2012 06:59:58 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 12.04.2012 06:59:58 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3011
Description =
 
Error - 12.04.2012 07:30:28 | Computer Name = Patricia-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12.04.2012 07:34:19 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 12.04.2012 07:34:19 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 12.04.2012 07:34:19 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3011
Description =
 
Error - 12.04.2012 07:47:58 | Computer Name = Patricia-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12.04.2012 07:51:52 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 12.04.2012 07:51:52 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 12.04.2012 07:51:52 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3011
Description =
 
[ System Events ]
Error - 03.01.2012 04:51:25 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 03.01.2012 04:51:25 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 03.01.2012 04:51:25 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 03.01.2012 04:51:25 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 03.01.2012 04:51:58 | Computer Name = Patricia-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 07.01.2012 09:10:52 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 07.01.2012 09:10:52 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 07.01.2012 09:10:52 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 07.01.2012 09:10:52 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 07.01.2012 09:11:16 | Computer Name = Patricia-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
 
< End of report >


cosinus 12.04.2012 19:30

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Terminator92 12.04.2012 19:47

Here is the report from TDSS-Killer:

Code:

20:45:16.0194 1400        TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:45:16.0419 1400        ============================================================
20:45:16.0419 1400        Current date / time: 2012/04/12 20:45:16.0419
20:45:16.0419 1400        SystemInfo:
20:45:16.0419 1400       
20:45:16.0419 1400        OS Version: 6.0.6002 ServicePack: 2.0
20:45:16.0419 1400        Product type: Workstation
20:45:16.0419 1400        ComputerName: PATRICIA-PC
20:45:16.0419 1400        UserName: Patricia Scharf
20:45:16.0420 1400        Windows directory: C:\Windows
20:45:16.0420 1400        System windows directory: C:\Windows
20:45:16.0420 1400        Processor architecture: Intel x86
20:45:16.0420 1400        Number of processors: 2
20:45:16.0420 1400        Page size: 0x1000
20:45:16.0420 1400        Boot type: Normal boot
20:45:16.0420 1400        ============================================================
20:45:17.0471 1400        Drive \Device\Harddisk0\DR0 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
20:45:17.0480 1400        Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:45:17.0481 1400        \Device\Harddisk0\DR0:
20:45:17.0481 1400        MBR used
20:45:17.0481 1400        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
20:45:17.0481 1400        \Device\Harddisk1\DR1:
20:45:17.0482 1400        MBR used
20:45:17.0482 1400        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
20:45:17.0534 1400        Initialize success
20:45:17.0534 1400        ============================================================
20:45:36.0244 4148        ============================================================
20:45:36.0244 4148        Scan started
20:45:36.0244 4148        Mode: Manual; SigCheck; TDLFS;
20:45:36.0244 4148        ============================================================
20:45:36.0687 4148        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:45:36.0746 4148        ACPI - ok
20:45:36.0794 4148        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:45:36.0802 4148        AdobeFlashPlayerUpdateSvc - ok
20:45:36.0837 4148        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:45:36.0853 4148        adp94xx - ok
20:45:36.0871 4148        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:45:36.0882 4148        adpahci - ok
20:45:36.0898 4148        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:45:36.0908 4148        adpu160m - ok
20:45:36.0922 4148        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:45:36.0931 4148        adpu320 - ok
20:45:36.0963 4148        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:45:37.0053 4148        AeLookupSvc - ok
20:45:37.0092 4148        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:45:37.0146 4148        AFD - ok
20:45:37.0180 4148        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:45:37.0192 4148        agp440 - ok
20:45:37.0209 4148        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:45:37.0220 4148        aic78xx - ok
20:45:37.0233 4148        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:45:37.0304 4148        ALG - ok
20:45:37.0320 4148        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:45:37.0330 4148        aliide - ok
20:45:37.0361 4148        AMD External Events Utility (aefeee2e852f2774a4491c8efa6c3b6e) C:\Windows\system32\atiesrxx.exe
20:45:37.0413 4148        AMD External Events Utility - ok
20:45:37.0473 4148        AMD Reservation Manager (9fe76d783a7d47965d086a220b54277b) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
20:45:37.0484 4148        AMD Reservation Manager - ok
20:45:37.0510 4148        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:45:37.0521 4148        amdagp - ok
20:45:37.0537 4148        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:45:37.0548 4148        amdide - ok
20:45:37.0562 4148        amdiox86        (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
20:45:37.0588 4148        amdiox86 - ok
20:45:37.0605 4148        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:45:37.0633 4148        AmdK7 - ok
20:45:37.0645 4148        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:45:37.0668 4148        AmdK8 - ok
20:45:37.0787 4148        amdkmdag        (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
20:45:37.0963 4148        amdkmdag - ok
20:45:38.0026 4148        amdkmdap        (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys
20:45:38.0051 4148        amdkmdap - ok
20:45:38.0092 4148        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:45:38.0124 4148        Appinfo - ok
20:45:38.0161 4148        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:45:38.0173 4148        arc - ok
20:45:38.0210 4148        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:45:38.0222 4148        arcsas - ok
20:45:38.0247 4148        AsIO            (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
20:45:38.0256 4148        AsIO - ok
20:45:38.0293 4148        AsSysCtrlService (8c1fd73cc27edd8d3344c632571c224c) C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
20:45:38.0333 4148        AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
20:45:38.0333 4148        AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
20:45:38.0359 4148        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:45:38.0406 4148        AsyncMac - ok
20:45:38.0433 4148        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:45:38.0449 4148        atapi - ok
20:45:38.0477 4148        AtiHDAudioService (0c3c2e9136397e1aaa9033dcae25ced2) C:\Windows\system32\drivers\AtihdLH3.sys
20:45:38.0487 4148        AtiHDAudioService - ok
20:45:38.0513 4148        AtiPcie        (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:45:38.0522 4148        AtiPcie - ok
20:45:38.0611 4148        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:45:38.0653 4148        AudioEndpointBuilder - ok
20:45:38.0659 4148        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:45:38.0682 4148        Audiosrv - ok
20:45:38.0726 4148        BCUService      (7ed4e1d2e124ad4e6a287cf49dbc9bba) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
20:45:38.0740 4148        BCUService - ok
20:45:38.0817 4148        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:45:38.0839 4148        Beep - ok
20:45:38.0860 4148        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:45:38.0904 4148        BFE - ok
20:45:38.0994 4148        BHDrvx86        (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
20:45:39.0010 4148        BHDrvx86 - ok
20:45:39.0054 4148        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
20:45:39.0094 4148        BITS - ok
20:45:39.0107 4148        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:45:39.0122 4148        blbdrive - ok
20:45:39.0154 4148        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:45:39.0179 4148        bowser - ok
20:45:39.0205 4148        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:45:39.0228 4148        BrFiltLo - ok
20:45:39.0254 4148        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:45:39.0271 4148        BrFiltUp - ok
20:45:39.0291 4148        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:45:39.0314 4148        Browser - ok
20:45:39.0331 4148        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:45:39.0435 4148        Brserid - ok
20:45:39.0454 4148        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:45:39.0507 4148        BrSerWdm - ok
20:45:39.0519 4148        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:45:39.0570 4148        BrUsbMdm - ok
20:45:39.0581 4148        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:45:39.0638 4148        BrUsbSer - ok
20:45:39.0679 4148        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:45:39.0732 4148        BTHMODEM - ok
20:45:39.0806 4148        ccHP            (1fa1c0e73eca849bed29a47c508f7f17) C:\Windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys
20:45:39.0830 4148        ccHP - ok
20:45:39.0850 4148        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:45:39.0875 4148        cdfs - ok
20:45:39.0900 4148        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:45:39.0918 4148        cdrom - ok
20:45:39.0948 4148        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:45:39.0989 4148        CertPropSvc - ok
20:45:40.0009 4148        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:45:40.0028 4148        circlass - ok
20:45:40.0039 4148        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:45:40.0050 4148        CLFS - ok
20:45:40.0104 4148        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:45:40.0110 4148        clr_optimization_v2.0.50727_32 - ok
20:45:40.0165 4148        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:45:40.0174 4148        clr_optimization_v4.0.30319_32 - ok
20:45:40.0200 4148        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:45:40.0209 4148        cmdide - ok
20:45:40.0283 4148        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
20:45:40.0293 4148        Compbatt - ok
20:45:40.0363 4148        COMSysApp - ok
20:45:40.0420 4148        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:45:40.0428 4148        crcdisk - ok
20:45:40.0454 4148        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:45:40.0476 4148        Crusoe - ok
20:45:40.0524 4148        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:45:40.0556 4148        CryptSvc - ok
20:45:40.0608 4148        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:45:40.0659 4148        DcomLaunch - ok
20:45:40.0684 4148        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:45:40.0712 4148        DfsC - ok
20:45:40.0774 4148        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:45:40.0854 4148        DFSR - ok
20:45:40.0911 4148        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:45:40.0937 4148        Dhcp - ok
20:45:40.0961 4148        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:45:40.0974 4148        disk - ok
20:45:41.0012 4148        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:45:41.0050 4148        Dnscache - ok
20:45:41.0072 4148        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:45:41.0092 4148        dot3svc - ok
20:45:41.0118 4148        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:45:41.0170 4148        DPS - ok
20:45:41.0201 4148        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:45:41.0234 4148        drmkaud - ok
20:45:41.0294 4148        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:45:41.0316 4148        DXGKrnl - ok
20:45:41.0345 4148        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:45:41.0370 4148        E1G60 - ok
20:45:41.0394 4148        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:45:41.0419 4148        EapHost - ok
20:45:41.0453 4148        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:45:41.0466 4148        Ecache - ok
20:45:41.0564 4148        eeCtrl          (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:45:41.0582 4148        eeCtrl - ok
20:45:41.0611 4148        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:45:41.0635 4148        ehRecvr - ok
20:45:41.0649 4148        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:45:41.0683 4148        ehSched - ok
20:45:41.0694 4148        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:45:41.0715 4148        ehstart - ok
20:45:41.0743 4148        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:45:41.0761 4148        elxstor - ok
20:45:41.0794 4148        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:45:41.0856 4148        EMDMgmt - ok
20:45:41.0940 4148        EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:45:41.0950 4148        EraserUtilRebootDrv - ok
20:45:41.0990 4148        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:45:42.0023 4148        ErrDev - ok
20:45:42.0054 4148        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:45:42.0115 4148        EventSystem - ok
20:45:42.0164 4148        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:45:42.0187 4148        exfat - ok
20:45:42.0232 4148        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:45:42.0263 4148        fastfat - ok
20:45:42.0287 4148        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:45:42.0313 4148        fdc - ok
20:45:42.0330 4148        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:45:42.0345 4148        fdPHost - ok
20:45:42.0354 4148        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:45:42.0380 4148        FDResPub - ok
20:45:42.0388 4148        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:45:42.0395 4148        FileInfo - ok
20:45:42.0411 4148        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:45:42.0434 4148        Filetrace - ok
20:45:42.0452 4148        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:45:42.0477 4148        flpydisk - ok
20:45:42.0484 4148        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:45:42.0493 4148        FltMgr - ok
20:45:42.0538 4148        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:45:42.0575 4148        FontCache - ok
20:45:42.0632 4148        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:45:42.0639 4148        FontCache3.0.0.0 - ok
20:45:42.0658 4148        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:45:42.0684 4148        Fs_Rec - ok
20:45:42.0701 4148        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:45:42.0710 4148        gagp30kx - ok
20:45:42.0744 4148        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:45:42.0789 4148        gpsvc - ok
20:45:42.0828 4148        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:45:42.0867 4148        HdAudAddService - ok
20:45:42.0894 4148        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:45:42.0947 4148        HDAudBus - ok
20:45:42.0959 4148        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:45:43.0010 4148        HidBth - ok
20:45:43.0035 4148        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:45:43.0090 4148        HidIr - ok
20:45:43.0111 4148        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:45:43.0153 4148        hidserv - ok
20:45:43.0187 4148        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:45:43.0218 4148        HidUsb - ok
20:45:43.0245 4148        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:45:43.0275 4148        hkmsvc - ok
20:45:43.0288 4148        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:45:43.0299 4148        HpCISSs - ok
20:45:43.0316 4148        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:45:43.0356 4148        HTTP - ok
20:45:43.0379 4148        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:45:43.0390 4148        i2omp - ok
20:45:43.0420 4148        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:45:43.0444 4148        i8042prt - ok
20:45:43.0457 4148        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:45:43.0471 4148        iaStorV - ok
20:45:43.0543 4148        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:45:43.0589 4148        idsvc - ok
20:45:43.0692 4148        IDSVix86        (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20111222.001\IDSvix86.sys
20:45:43.0707 4148        IDSVix86 - ok
20:45:43.0731 4148        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:45:43.0741 4148        iirsp - ok
20:45:43.0784 4148        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:45:43.0840 4148        IKEEXT - ok
20:45:43.0868 4148        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:45:43.0879 4148        intelide - ok
20:45:43.0892 4148        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:45:43.0920 4148        intelppm - ok
20:45:43.0940 4148        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:45:43.0976 4148        IPBusEnum - ok
20:45:43.0987 4148        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:45:44.0018 4148        IpFilterDriver - ok
20:45:44.0038 4148        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:45:44.0075 4148        iphlpsvc - ok
20:45:44.0081 4148        IpInIp - ok
20:45:44.0114 4148        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:45:44.0175 4148        IPMIDRV - ok
20:45:44.0193 4148        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:45:44.0234 4148        IPNAT - ok
20:45:44.0252 4148        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:45:44.0288 4148        IRENUM - ok
20:45:44.0306 4148        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:45:44.0321 4148        isapnp - ok
20:45:44.0355 4148        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:45:44.0369 4148        iScsiPrt - ok
20:45:44.0385 4148        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:45:44.0395 4148        iteatapi - ok
20:45:44.0411 4148        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:45:44.0421 4148        iteraid - ok
20:45:44.0443 4148        JRAID          (66b92b9287b9b5d2e8d61f61c8f3b97a) C:\Windows\system32\DRIVERS\jraid.sys
20:45:44.0453 4148        JRAID - ok
20:45:44.0464 4148        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:45:44.0475 4148        kbdclass - ok
20:45:44.0503 4148        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:45:44.0523 4148        kbdhid - ok
20:45:44.0564 4148        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:45:44.0600 4148        KeyIso - ok
20:45:44.0630 4148        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:45:44.0650 4148        KSecDD - ok
20:45:44.0704 4148        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:45:44.0786 4148        KtmRm - ok
20:45:44.0857 4148        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
20:45:44.0902 4148        LanmanServer - ok
20:45:44.0931 4148        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:45:44.0959 4148        LanmanWorkstation - ok
20:45:44.0987 4148        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:45:45.0034 4148        lltdio - ok
20:45:45.0053 4148        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:45:45.0092 4148        lltdsvc - ok
20:45:45.0107 4148        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:45:45.0149 4148        lmhosts - ok
20:45:45.0183 4148        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:45:45.0195 4148        LSI_FC - ok
20:45:45.0227 4148        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:45:45.0239 4148        LSI_SAS - ok
20:45:45.0267 4148        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:45:45.0279 4148        LSI_SCSI - ok
20:45:45.0298 4148        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:45:45.0328 4148        luafv - ok
20:45:45.0364 4148        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
20:45:45.0374 4148        MBAMProtector - ok
20:45:45.0425 4148        MBAMService    (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:45:45.0452 4148        MBAMService - ok
20:45:45.0472 4148        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:45:45.0491 4148        Mcx2Svc - ok
20:45:45.0505 4148        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:45:45.0516 4148        megasas - ok
20:45:45.0531 4148        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:45:45.0565 4148        MegaSR - ok
20:45:45.0599 4148        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:45:45.0655 4148        MMCSS - ok
20:45:45.0671 4148        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:45:45.0698 4148        Modem - ok
20:45:45.0716 4148        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:45:45.0745 4148        monitor - ok
20:45:45.0758 4148        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:45:45.0769 4148        mouclass - ok
20:45:45.0786 4148        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:45:45.0810 4148        mouhid - ok
20:45:45.0820 4148        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:45:45.0832 4148        MountMgr - ok
20:45:45.0851 4148        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:45:45.0863 4148        mpio - ok
20:45:45.0877 4148        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:45:45.0894 4148        mpsdrv - ok
20:45:45.0921 4148        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:45:45.0961 4148        MpsSvc - ok
20:45:45.0974 4148        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:45:45.0983 4148        Mraid35x - ok
20:45:45.0999 4148        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:45:46.0011 4148        MRxDAV - ok
20:45:46.0041 4148        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:45:46.0077 4148        mrxsmb - ok
20:45:46.0106 4148        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:45:46.0148 4148        mrxsmb10 - ok
20:45:46.0170 4148        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:45:46.0189 4148        mrxsmb20 - ok
20:45:46.0219 4148        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:45:46.0230 4148        msahci - ok
20:45:46.0245 4148        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:45:46.0257 4148        msdsm - ok
20:45:46.0280 4148        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:45:46.0311 4148        MSDTC - ok
20:45:46.0326 4148        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:45:46.0349 4148        Msfs - ok
20:45:46.0365 4148        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:45:46.0376 4148        msisadrv - ok
20:45:46.0404 4148        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:45:46.0429 4148        MSiSCSI - ok
20:45:46.0435 4148        msiserver - ok
20:45:46.0457 4148        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:45:46.0489 4148        MSKSSRV - ok
20:45:46.0500 4148        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:45:46.0523 4148        MSPCLOCK - ok
20:45:46.0534 4148        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:45:46.0566 4148        MSPQM - ok
20:45:46.0591 4148        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:45:46.0604 4148        MsRPC - ok
20:45:46.0617 4148        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:45:46.0628 4148        mssmbios - ok
20:45:46.0638 4148        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:45:46.0661 4148        MSTEE - ok
20:45:46.0686 4148        MTsensor        (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
20:45:46.0710 4148        MTsensor - ok
20:45:46.0717 4148        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:45:46.0729 4148        Mup - ok
20:45:46.0753 4148        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:45:46.0782 4148        napagent - ok
20:45:46.0807 4148        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:45:46.0820 4148        NativeWifiP - ok
20:45:46.0892 4148        NAVENG          (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVENG.SYS
20:45:46.0901 4148        NAVENG - ok
20:45:46.0931 4148        NAVEX15        (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVEX15.SYS
20:45:46.0972 4148        NAVEX15 - ok
20:45:47.0031 4148        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:45:47.0052 4148        NDIS - ok
20:45:47.0077 4148        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:45:47.0104 4148        NdisTapi - ok
20:45:47.0130 4148        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:45:47.0154 4148        Ndisuio - ok
20:45:47.0174 4148        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:45:47.0192 4148        NdisWan - ok
20:45:47.0202 4148        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:45:47.0219 4148        NDProxy - ok
20:45:47.0229 4148        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:45:47.0266 4148        NetBIOS - ok
20:45:47.0283 4148        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:45:47.0302 4148        netbt - ok
20:45:47.0346 4148        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:45:47.0357 4148        Netlogon - ok
20:45:47.0380 4148        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:45:47.0416 4148        Netman - ok
20:45:47.0432 4148        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:45:47.0457 4148        netprofm - ok
20:45:47.0518 4148        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:45:47.0528 4148        NetTcpPortSharing - ok
20:45:47.0538 4148        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:45:47.0545 4148        nfrd960 - ok
20:45:47.0620 4148        NIS            (b4187346f54e362daffe647b25a58d50) C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
20:45:47.0626 4148        NIS - ok
20:45:47.0635 4148        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:45:47.0651 4148        NlaSvc - ok
20:45:47.0669 4148        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:45:47.0690 4148        Npfs - ok
20:45:47.0706 4148        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:45:47.0725 4148        nsi - ok
20:45:47.0737 4148        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:45:47.0769 4148        nsiproxy - ok
20:45:47.0807 4148        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:45:47.0833 4148        Ntfs - ok
20:45:47.0871 4148        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:45:47.0902 4148        ntrigdigi - ok
20:45:47.0912 4148        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:45:47.0930 4148        Null - ok
20:45:47.0950 4148        nusb3hub        (03ad379554b50fa1802be4ec2e291e92) C:\Windows\system32\DRIVERS\nusb3hub.sys
20:45:47.0957 4148        nusb3hub - ok
20:45:47.0979 4148        nusb3xhc        (06fe87c9d181af5f04d192e604e10e6c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:45:47.0987 4148        nusb3xhc - ok
20:45:48.0009 4148        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:45:48.0018 4148        nvraid - ok
20:45:48.0032 4148        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:45:48.0040 4148        nvstor - ok
20:45:48.0050 4148        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:45:48.0061 4148        nv_agp - ok
20:45:48.0067 4148        NwlnkFlt - ok
20:45:48.0076 4148        NwlnkFwd - ok
20:45:48.0101 4148        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:45:48.0115 4148        ohci1394 - ok
20:45:48.0161 4148        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:48.0226 4148        p2pimsvc - ok
20:45:48.0236 4148        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:48.0269 4148        p2psvc - ok
20:45:48.0301 4148        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:45:48.0343 4148        Parport - ok
20:45:48.0367 4148        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:45:48.0379 4148        partmgr - ok
20:45:48.0396 4148        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:45:48.0445 4148        Parvdm - ok
20:45:48.0470 4148        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:45:48.0497 4148        PcaSvc - ok
20:45:48.0533 4148        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:45:48.0546 4148        pci - ok
20:45:48.0558 4148        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:45:48.0570 4148        pciide - ok
20:45:48.0586 4148        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:45:48.0598 4148        pcmcia - ok
20:45:48.0635 4148        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:45:48.0705 4148        PEAUTH - ok
20:45:48.0757 4148        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:45:48.0832 4148        pla - ok
20:45:48.0869 4148        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:45:48.0919 4148        PlugPlay - ok
20:45:48.0964 4148        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:48.0985 4148        PNRPAutoReg - ok
20:45:48.0995 4148        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:49.0017 4148        PNRPsvc - ok
20:45:49.0059 4148        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:45:49.0107 4148        PolicyAgent - ok
20:45:49.0154 4148        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:45:49.0185 4148        PptpMiniport - ok
20:45:49.0207 4148        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
20:45:49.0237 4148        Processor - ok
20:45:49.0267 4148        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:45:49.0295 4148        ProfSvc - ok
20:45:49.0322 4148        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:45:49.0333 4148        ProtectedStorage - ok
20:45:49.0357 4148        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:45:49.0387 4148        PSched - ok
20:45:49.0434 4148        PSI_SVC_2      (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
20:45:49.0444 4148        PSI_SVC_2 - ok
20:45:49.0477 4148        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:45:49.0512 4148        ql2300 - ok
20:45:49.0555 4148        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:45:49.0567 4148        ql40xx - ok
20:45:49.0587 4148        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:45:49.0605 4148        QWAVE - ok
20:45:49.0623 4148        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:45:49.0635 4148        QWAVEdrv - ok
20:45:49.0652 4148        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:45:49.0685 4148        RasAcd - ok
20:45:49.0705 4148        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:45:49.0730 4148        RasAuto - ok
20:45:49.0749 4148        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:45:49.0783 4148        Rasl2tp - ok
20:45:49.0814 4148        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:45:49.0852 4148        RasMan - ok
20:45:49.0915 4148        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:45:49.0942 4148        RasPppoe - ok
20:45:49.0950 4148        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:45:49.0963 4148        RasSstp - ok
20:45:49.0983 4148        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:45:50.0004 4148        rdbss - ok
20:45:50.0018 4148        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:45:50.0048 4148        RDPCDD - ok
20:45:50.0068 4148        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:45:50.0093 4148        rdpdr - ok
20:45:50.0101 4148        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:45:50.0124 4148        RDPENCDD - ok
20:45:50.0174 4148        RDPWD          (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
20:45:50.0221 4148        RDPWD - ok
20:45:50.0258 4148        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:45:50.0282 4148        RemoteAccess - ok
20:45:50.0296 4148        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:45:50.0316 4148        RemoteRegistry - ok
20:45:50.0326 4148        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:45:50.0377 4148        RpcLocator - ok
20:45:50.0410 4148        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:45:50.0436 4148        RpcSs - ok
20:45:50.0448 4148        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:45:50.0477 4148        rspndr - ok
20:45:57.0096 4148        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:45:57.0147 4148        \Device\Harddisk0\DR0 - ok
20:45:57.0168 4148        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
20:45:57.0258 4148        \Device\Harddisk1\DR1 - ok
20:45:57.0261 4148        Boot (0x1200)  (81e916ff91b2bbd64c8244be1a7b5cbf) \Device\Harddisk0\DR0\Partition0
20:45:57.0262 4148        \Device\Harddisk0\DR0\Partition0 - ok
20:45:57.0266 4148        Boot (0x1200)  (20107a64a8a684681a116cb39f672c87) \Device\Harddisk1\DR1\Partition0
20:45:57.0267 4148        \Device\Harddisk1\DR1\Partition0 - ok
20:45:57.0269 4148        ============================================================
20:45:57.0269 4148        Scan finished
20:45:57.0269 4148        ============================================================
20:45:57.0281 4348        Detected object count: 1
20:45:57.0281 4348        Actual detected object count: 1
20:46:03.0227 4348        AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:03.0227 4348        AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 12.04.2012 20:15

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.

Terminator92 12.04.2012 21:17

Code:

ComboFix 12-04-12.03 - Patricia Scharf 12.04.2012  21:40:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3197.2357 [GMT 2:00]
ausgeführt von:: c:\users\Patricia Scharf\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-12 bis 2012-04-12  ))))))))))))))))))))))))))))))
.
.
2012-04-12 19:43 . 2012-04-12 19:43        --------        d-----w-        c:\users\Patricia Scharf\AppData\Local\temp
2012-04-12 19:43 . 2012-04-12 19:43        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-12 11:44 . 2010-09-13 13:56        168960        ----a-w-        c:\program files\Windows Media Player\wmplayer.exe
2012-04-12 11:44 . 2010-09-13 13:56        8147456        ----a-w-        c:\windows\system32\wmploc.DLL
2012-04-12 11:02 . 2012-03-14 02:15        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0FEB693-9013-458F-9996-3A2284E56B1D}\mpengine.dll
2012-04-12 10:57 . 2012-03-01 11:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-04-09 15:44 . 2012-04-09 15:44        --------        d-----w-        c:\program files\ESET
2012-04-07 12:49 . 2012-04-07 12:49        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-04-07 12:20 . 2012-04-07 12:20        --------        d-----w-        c:\users\Patricia Scharf\AppData\Roaming\Malwarebytes
2012-04-07 12:20 . 2012-04-07 12:20        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-07 12:20 . 2012-04-07 12:20        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-04-07 12:20 . 2011-12-10 13:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-06 15:34 . 2012-04-06 15:34        --------        d-----w-        c:\windows\CheckSur
2012-03-31 18:18 . 2012-03-31 18:18        --------        d-----w-        C:\001ff1ab907109e295
2012-03-18 15:54 . 2012-03-27 13:06        --------        d-----w-        c:\users\Patricia Scharf\AppData\Local\CrashDumps
2012-03-14 10:41 . 2012-02-02 15:16        2044416        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 10:41 . 2010-02-18 13:30        200704        ----a-w-        c:\windows\system32\iphlpsvc.dll
2012-03-14 10:41 . 2010-02-18 11:28        25088        ----a-w-        c:\windows\system32\drivers\tunnel.sys
2012-03-14 10:41 . 2012-02-14 15:45        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-03-14 10:41 . 2012-02-14 15:45        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-03-14 10:41 . 2012-02-13 14:12        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-03-14 10:41 . 2012-02-13 13:47        683008        ----a-w-        c:\windows\system32\d2d1.dll
2012-03-14 10:41 . 2012-02-13 13:44        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 10:40 . 2012-01-09 15:54        613376        ----a-w-        c:\windows\system32\rdpencom.dll
2012-03-14 10:40 . 2012-01-09 13:58        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 12:49 . 2011-10-30 16:52        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 15:17 . 2011-09-26 13:02        848        --sha-w-        c:\programdata\KGyGaAvL.sys
2012-02-23 07:18 . 2011-09-24 13:24        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-20 13:00 . 2011-09-24 11:15        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 1780224]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
"Six Engine"="c:\program files\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-11-10 105632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Patricia Scharf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 253600]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 97805093
*Deregistered* - 97805093
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:49]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Patricia Scharf\AppData\Roaming\Mozilla\Firefox\Profiles\2o9172kp.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-12 21:43
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
Zeit der Fertigstellung: 2012-04-12  21:44:52
ComboFix-quarantined-files.txt  2012-04-12 19:44
.
Vor Suchlauf: 7 Verzeichnis(se), 238.720.233.472 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 239.164.637.184 Bytes frei
.
- - End Of File - - 61C9C16021A68A80F49778E4CF4EE5BA


cosinus 12.04.2012 22:21

Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't work the second time either, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window), and click the Scan button again.

Terminator92 13.04.2012 18:33

So, all 3 logs:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-13 13:41:47
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD322GJ rev.1AR10001
Running: 42rtcjkl.exe; Driver: C:\Users\PATRIC~1\AppData\Local\Temp\pwlyakob.sys


---- System - GMER 1.0.15 ----

SSDT            86E93318                                          ZwAlpcConnectPort
SSDT            86E992B8                                          ZwLoadDriver

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 13D                    81CF88C0 4 Bytes  [18, 33, E9, 86]
.text          ntkrnlpa.exe!KeSetEvent + 37D                    81CF8B00 4 Bytes  [B8, 92, E9, 86]
.text          C:\Windows\system32\DRIVERS\atikmdag.sys          section is writeable [0x90C05000, 0x37D761, 0xE8000020]
?              C:\Windows\system32\Drivers\PROCEXP113.SYS        Das System kann die angegebene Datei nicht finden. !
?              C:\Users\PATRIC~1\AppData\Local\Temp\catchme.sys  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                          SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                          SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\RawIp                        SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:45:36 on 13.04.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 7.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsIO" (AsIO) - ? - C:\Windows\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
"catchme" (catchme) - ? - C:\Users\PATRIC~1\AppData\Local\Temp\catchme.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20111222.001\IDSvix86.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVEX15.SYS
"pwlyakob" (pwlyakob) - ? - C:\Users\PATRIC~1\AppData\Local\Temp\pwlyakob.sys  (Hidden registry entry, rootkit activity | File not found)
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1109000.00C\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1109000.00C\SYMEFA.SYS
"Symantec Hash Provider" (ccHP) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1109000.00C\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1109000.00C\SRTSPX.SYS
"Symantec Vista Network Dispatch Driver" (SYMTDIv) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} "SearchHook Class" - "DeviceVM, Inc." - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Patricia Scharf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BCU" - "DeviceVM, Inc." - "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
"HDAudDeck" - "VIA" - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
"JMB36X IDE Setup" - ? - C:\Windows\RaidTool\xInsIDE.exe  (File found, but it contains no detailed information)
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Six Engine" - "

ASUSTeK Computer Inc." - "C:\Program Files\ASUS\EPU\EPU.exe" -b
"Standby" - "Corel" - "C:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TurboV EVO" - "ASUSTeK Computer Inc." - "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"AMD Reservation Manager" (AMD Reservation Manager) - "Advanced Micro Devices" - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
"ASUS System Control Service" (AsSysCtrlService) - ? - C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe  (File found, but it contains no detailed information)
"Browser Configuration Utility Service" (BCUService) - "DeviceVM, Inc." - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-13 18:40:23
-----------------------------
18:40:23.404    OS Version: Windows 6.0.6002 Service Pack 2
18:40:23.404    Number of processors: 2 586 0x603
18:40:23.404    ComputerName: PATRICIA-PC  UserName:
18:40:24.574    Initialize success
18:41:07.900    AVAST engine defs: 12041300
18:41:17.993    Disk 0  \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port0Path0Target0Lun0
18:41:17.993    Disk 0 Vendor: WDC_____ 510. Size: 114472MB BusType: 8
18:41:17.993    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
18:41:17.993    Disk 1 Vendor: SAMSUNG_HD322GJ 1AR10001 Size: 305245MB BusType: 3
18:41:18.211    Disk 1 MBR read successfully
18:41:18.242    Disk 1 MBR scan
18:41:18.274    Disk 1 Windows VISTA default MBR code
18:41:18.336    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS      305243 MB offset 2048
18:41:18.383    Disk 1 scanning sectors +625139712
18:41:18.695    Disk 1 scanning C:\Windows\system32\drivers
18:42:05.027    Service scanning
18:42:18.677    Modules scanning
18:43:07.832    Disk 1 trace - called modules:
18:43:07.864    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:43:07.864    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x853fbac8]
18:43:07.864    3 CLASSPNP.SYS[8a7ab8b3] -> nt!IofCallDriver -> [0x852cdf08]
18:43:07.864    5 acpi.sys[806146bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x853e25a8]
18:43:08.378    AVAST engine scan C:\Windows
18:44:16.285    AVAST engine scan C:\Windows\system32
18:50:47.549    AVAST engine scan C:\Windows\system32\drivers
18:51:13.148    AVAST engine scan C:\Users\Patricia Scharf
19:25:24.049    AVAST engine scan C:\ProgramData
19:30:35.332    Disk 1 MBR has been saved successfully to "C:\Users\Patricia Scharf\Desktop\MBR.dat"
19:30:35.332    The log file has been saved successfully to "C:\Users\Patricia Scharf\Desktop\aswMBR.txt"


19:31:09.390    Scan finished successfully
19:31:15.786    Disk 1 MBR has been saved successfully to "C:\Users\Patricia Scharf\Desktop\MBR.dat"
19:31:15.786    The log file has been saved successfully to "C:\Users\Patricia Scharf\Desktop\aswMBR.txt"


cosinus 15.04.2012 14:59

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Terminator92 16.04.2012 19:39

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.15.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Patricia Scharf :: PATRICIA-PC [Administrator]

Schutz: Aktiviert

15.04.2012 18:52:57
mbam-log-2012-04-15 (18-52-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 433399
Laufzeit: 1 Stunde(n), 14 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/16/2012 at 08:03 PM

Application Version : 5.0.1146

Core Rules Database Version : 8459
Trace Rules Database Version: 6271

Scan type      : Complete Scan
Total Scan Time : 01:44:03

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 848
Memory threats detected  : 0
Registry items scanned    : 32716
Registry threats detected : 0
File items scanned        : 339364
File threats detected    : 450

Trojan.Agent/Gen-FakeAlert[Local]
        D:\PROGRAMDATA\ALDI SUED FOTOSERVICE\{AD88A033-F449-487A-BA4E-65EA402F02A6}\UPDATE\OPD_JP2.EXE

Adware.Tracking Cookie
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@PORNME[3].TXT [ /PORNME ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@PORNME[2].TXT [ /PORNME ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADS.WEBOOST[2].TXT [ /ADS.WEBOOST ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@STATSE.WEBTRENDSLIVE[1].TXT [ /STATSE.WEBTRENDSLIVE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@A2.ADSERVER01[1].TXT [ /A2.ADSERVER01 ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@STATS.TRAVELSHOP-24[1].TXT [ /STATS.TRAVELSHOP-24 ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW4.SMARTADSERVER[1].TXT [ /WWW4.SMARTADSERVER ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADS.ADULTADVERTISING[1].TXT [ /ADS.ADULTADVERTISING ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@AD.ADSERVER01[2].TXT [ /AD.ADSERVER01 ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADS.HEIAS[2].TXT [ /ADS.HEIAS ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@PORNTELECAST[2].TXT [ /PORNTELECAST ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@YOUPORN[2].TXT [ /YOUPORN ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@4STATS[2].TXT [ /4STATS ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADSRV1.ADMEDIATE[1].TXT [ /ADSRV1.ADMEDIATE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADS.YOUPORN[1].TXT [ /ADS.YOUPORN ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.PORNHYVE[2].TXT [ /WWW.PORNHYVE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@DISCOUNTREALITYSITES[1].TXT [ /DISCOUNTREALITYSITES ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@AD2.ADFARM1.ADITION[1].TXT [ /AD2.ADFARM1.ADITION ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@HARDCOREPORNTUBE[2].TXT [ /HARDCOREPORNTUBE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.PORNTOWN[1].TXT [ /WWW.PORNTOWN ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@AD1.ADFARM1.ADITION[2].TXT [ /AD1.ADFARM1.ADITION ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.PORNHUB[2].TXT [ /WWW.PORNHUB ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@AD.ADC-SERV[1].TXT [ /AD.ADC-SERV ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.TUBEADSERVER.SPCTL[1].TXT [ /WWW.TUBEADSERVER.SPCTL ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@UK.AT.ATWOLA[1].TXT [ /UK.AT.ATWOLA ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@AD3.ADFARM1.ADITION[2].TXT [ /AD3.ADFARM1.ADITION ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@TRACKING.ONMARKETING[1].TXT [ /TRACKING.ONMARKETING ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@S4.TRAFFICMAXX[1].TXT [ /S4.TRAFFICMAXX ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@T.BBTRACK[1].TXT [ /T.BBTRACK ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.DISCOUNTREALITYSITES[1].TXT [ /WWW.DISCOUNTREALITYSITES ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADVIVA[1].TXT [ /ADVIVA ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@OVERTURE[1].TXT [ /OVERTURE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@AD.DKB[1].TXT [ /AD.DKB ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.ETRACKER[2].TXT [ /WWW.ETRACKER ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@VIDEOPORNCITY[2].TXT [ /VIDEOPORNCITY ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@NAIADSYSTEMS[1].TXT [ /NAIADSYSTEMS ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADS.WHALEADS[2].TXT [ /ADS.WHALEADS ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@INTERCLICK[1].TXT [ /INTERCLICK ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@SCHWIMMBADTECHNIK-FKB[1].TXT [ /SCHWIMMBADTECHNIK-FKB ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@E-2DJ6WNMYWICZSEP.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WNMYWICZSEP.STATS.ESOMNITURE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@FASTCLICK[1].TXT [ /FASTCLICK ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@PORNHUB[1].TXT [ /PORNHUB ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@AD2.DOUBLEPIMP[2].TXT [ /AD2.DOUBLEPIMP ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@COUNTER.ALL-BIZ[2].TXT [ /COUNTER.ALL-BIZ ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADTECH[2].TXT [ /ADTECH ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADS.MITKID[2].TXT [ /ADS.MITKID ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@TRACK.EFFILIATION[1].TXT [ /TRACK.EFFILIATION ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.VIDEOPORNCITY[1].TXT [ /WWW.VIDEOPORNCITY ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADFORM[2].TXT [ /ADFORM ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@AD.TRIPLEMIND[1].TXT [ /AD.TRIPLEMIND ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@AD.ZANOX[1].TXT [ /AD.ZANOX ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.BURSTNET[1].TXT [ /WWW.BURSTNET ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ERO-ADVERTISING[1].TXT [ /ERO-ADVERTISING ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@COUNT.ASNETWORKS[1].TXT [ /COUNT.ASNETWORKS ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@TSPROTRAFFIC[1].TXT [ /TSPROTRAFFIC ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADS-DEV.YOUPORN[1].TXT [ /ADS-DEV.YOUPORN ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADS.PARTNERBRIDGE[2].TXT [ /ADS.PARTNERBRIDGE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADS.QUARTERMEDIA[1].TXT [ /ADS.QUARTERMEDIA ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@SPECIFICCLICK[1].TXT [ /SPECIFICCLICK ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@RICHMEDIA.YAHOO[1].TXT [ /RICHMEDIA.YAHOO ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADSERVER.DOCCHECK[1].TXT [ /ADSERVER.DOCCHECK ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADSRV.ADMEDIATE[1].TXT [ /ADSRV.ADMEDIATE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.GOOGLEADSERVICES[3].TXT [ /WWW.GOOGLEADSERVICES ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADULT.GOODVIDZ[1].TXT [ /ADULT.GOODVIDZ ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@MYNORTONACCOUNT[1].TXT [ /MYNORTONACCOUNT ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@STATCOUNTER[1].TXT [ /STATCOUNTER ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@CLICKFUSE[1].TXT [ /CLICKFUSE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@E-2DJ6WGLOEMDJECP.STATS.ESOMNITURE[1].TXT [ /E-2DJ6WGLOEMDJECP.STATS.ESOMNITURE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADSERVER5.BANNERWERBUNG[1].TXT [ /ADSERVER5.BANNERWERBUNG ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@CLICKCASH[1].TXT [ /CLICKCASH ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.TELLAVISION.SHOWMEDIA[2].TXT [ /WWW.TELLAVISION.SHOWMEDIA ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@WWW.SCHWIMMBADTECHNIK[2].TXT [ /WWW.SCHWIMMBADTECHNIK ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@STATS.SPCTL[1].TXT [ /STATS.SPCTL ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADSERVER.SEVENLOAD[2].TXT [ /ADSERVER.SEVENLOAD ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@IM.BANNER.T-ONLINE[1].TXT [ /IM.BANNER.T-ONLINE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@MOFOSEX[1].TXT [ /MOFOSEX ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADS.AD4GAME[1].TXT [ /ADS.AD4GAME ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@E-2DJ6WJK4SIDPMBQ.STATS.ESOMNITURE[1].TXT [ /E-2DJ6WJK4SIDPMBQ.STATS.ESOMNITURE ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@MEGAPORN[1].TXT [ /MEGAPORN ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@AD.BEEPWORLD[2].TXT [ /AD.BEEPWORLD ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@ADSERVER.ADWORXS[2].TXT [ /ADSERVER.ADWORXS ]
        D:\USERS\PATTY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PATTY@EAS.APM.EMEDIATE[1].TXT [ /EAS.APM.EMEDIATE ]
        media.adxpansion.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\335K5D6M ]
        www.pornhub.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\335K5D6M ]
        www.mynortonaccount.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.mynortonaccount.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .mynortonaccount.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .mynortonaccount.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .mynortonaccount.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .mynortonaccount.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        account.norton.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .account.norton.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .account.norton.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .account.norton.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .rs-media-events.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .rs-media-events.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .rs-media-events.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        partners.webmasterplan.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .a.revenuemax.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adxpose.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        adserver.sevenload.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        count.primawebtools.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        adserver.plus.ag [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        adserver2.clipkit.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        tracking.mlsat02.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .weborama.fr [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .weborama.fr [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .weboramapublishertrackinguk.solution.weborama.fr [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .weboramapublishertrackinguk.solution.weborama.fr [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .weborama.fr [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\PATRICIA SCHARF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O9172KP.DEFAULT\COOKIES.SQLITE ]


Just to clear that up quickly: that's not my PC ;D

cosinus 16.04.2012 20:26

Quote:

Just to clear that up quickly: that's not my PC ;D
Those are only cookies and a false alarm... :D

Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP-Cookie)


About cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it is closed.

The way I do it: for "wild surfing" I use the Opera browser or Chromium on my Linux. My main browser (Firefox) stores only the cookies from the sites I actually want, and I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system OK again now, or are there any other detections or problems?
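Added example, not part of the original posts: a sketch of how the cookie findings and the hosts-file blocking discussed above relate, listing which cookies in a Firefox-style `cookies.sqlite` fall within the scope of hostnames a hosts file blocks. The hosts lines, cookie rows and function names are constructed for illustration, and the table is reduced to the `moz_cookies` columns the check needs.

```python
import sqlite3

# Constructed hosts-format sample (not the actual MVPS list).
SAMPLE_HOSTS = """\
127.0.0.1  localhost
0.0.0.0    ad.yieldmanager.com
0.0.0.0    ad.doubleclick.net   # trailing comment
0.0.0.0    www.etracker.de
"""
# Constructed cookie rows (host, name); a leading dot marks a domain cookie.
SAMPLE_COOKIES = [
    ("ad.yieldmanager.com", "uid"), ("ad.yieldmanager.com", "bh"),
    (".doubleclick.net", "id"), ("www.etracker.de", "et"),
    ("yieldmanager.com", "pref"), ("www.trojaner-board.de", "session"),
]

def parse_hosts(text):
    """Return the hostnames a hosts file redirects to 0.0.0.0 / 127.0.0.1."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("0.0.0.0", "127.0.0.1"):
            continue
        blocked.update(n.lower().rstrip(".") for n in fields[1:])
    blocked.discard("localhost")
    return blocked

def blocked_in_scope(cookie_host, blocked):
    """Blocked hostnames this cookie would be sent to.
    Hosts files have no wildcards, so only listed names count."""
    host = cookie_host.lower()
    if host.startswith("."):  # domain cookie: the domain and all subdomains
        dom = host[1:]
        return sorted(h for h in blocked if h == dom or h.endswith("." + dom))
    return [host] if host in blocked else []  # host-only cookie: exact match

def audit(conn, blocked):
    """Map cookie host -> (cookie count, blocked hostnames in its scope)."""
    sql = "SELECT host, COUNT(*) FROM moz_cookies GROUP BY host ORDER BY host"
    report = {}
    for host, count in conn.execute(sql):
        hits = blocked_in_scope(host, blocked)
        if hits:
            report[host] = (count, hits)
    return report

def build_sample_db():
    """In-memory stand-in for cookies.sqlite (simplified schema, assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, host TEXT, name TEXT)")
    conn.executemany("INSERT INTO moz_cookies (host, name) VALUES (?, ?)", SAMPLE_COOKIES)
    return conn

if __name__ == "__main__":
    for host, (n, hits) in audit(build_sample_db(), parse_hosts(SAMPLE_HOSTS)).items():
        print(f"{host}: {n} cookie(s), blocked hosts in scope: {', '.join(hits)}")
```

On a real profile, run it against a copy of `cookies.sqlite` made while the browser is closed, since Firefox keeps the file locked while running.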

Terminator92 16.04.2012 20:28

Good, thanks. No more problems. So are we done then?

cosinus 16.04.2012 20:30

Then we're through! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Get in touch if that produces any error messages. With the help of OTL you can also remove many of the tools:

Please start OTL and click "Bereinigung" (CleanUp).
This will remove most of the tools we needed for the cleanup. If anything is left behind, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update it first.


Finally, please check the updates; my guide for that is below. To keep better track of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.

