Trojaner-Board


ThePhantom79 28.10.2010 16:10

Windows Update disables itself - hosts file can no longer be opened - browsers freeze
 
Hello,

Unfortunately I have run into a bigger problem, and I am afraid that I have caught something.
I can observe the following:

- Firefox and Internet Explorer usually freeze after a while. After that they cannot be opened again either - then simply nothing happens at all, except that the process shows up in Task Manager.

- When I click "Show processes from all users" in Task Manager, Task Manager freezes immediately.

- After a certain time (approx. 10-30 min) I suddenly get the message that automatic Windows updates have been disabled. When I try to re-enable them, the corresponding window freezes.

- HiJackThis reports that the hosts file is write-protected. That is indeed the case, but only sometimes - then I cannot even open it myself. When I do manage to open it, though, there is nothing bad in it.

- I ran "Desinfec't" from c't offline - however, nothing was really found.

I have MS Security Essentials installed - but it has never reported anything and finds nothing. So my computer currently becomes unusable after 10-30 minutes - and I have no idea why. It is only a guess that this is a piece of malware (who else suddenly disables Windows updates?)

Here is the HiJackThis log (I have anonymized it as requested and made the links unusable):

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:07, on 28.10.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [CamserviceOG] C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe /startup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download with BitKinex - C:\Program Files\BitKinex\ieext_cp.htm
O8 - Extra context menu item: &Register in BitKinex - C:\Program Files\BitKinex\ieext_reg.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\CHRIST~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\CHRIST~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - h**p://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - h**p://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - h**ps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\*****T~1\AppData\Local\Temp\f5tmp\urxhost.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BitKinex File Transfer Service (BitKinex) - Unknown owner - C:\Program Files\BitKinex\bitkinexsvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SMServer - SMServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Server\vmware-hostd.exe
O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe
O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmVssWriter.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10698 bytes


If I have done something wrong, please let me know - this is the first time I am using this board. I tried to follow the "golden rules" ;-)

Regards
ThePhantom

Addendum: I possibly suspect my Flash Player components. Often the whole thing occurs exactly when I visit pages with Flash - after that nothing else works any more either. So I uninstalled all of them (which once again did not work right away, only after a restart) and reinstalled them. Unfortunately that did not help :-(
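
As an added example (not part of the original posts and not a tool used in this thread): a small Python parser for the HijackThis line format shown in the log above, which marks the entries a reviewer usually checks first. The function and marker names are assumptions of this example, the sample lines are copied from the log above, and a marker means "look at this entry", not "malicious".

```python
import re

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
"""

# "<section code> - <body>", e.g. "O23 - Service: ..."
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# O23 body: "Service: <name> - <owner> - <path>". The path is anchored on a
# drive letter because paths can themselves contain " - "
# (see the "Spybot - Search & Destroy" line in the sample).
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)

# O4 registry autostart body: "<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_line(line):
    """Return (section_code, body) for a HijackThis entry, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("code"), m.group("body")


def review_markers(code, body):
    """Return review markers for one entry (names are this example's own)."""
    markers = []
    # Registry entry that points at a file which no longer exists.
    if body.endswith("(no file)"):
        markers.append("missing-file")
    # Winsock LSP provider that HijackThis does not recognise.
    if code == "O10" and body.startswith("Unknown file in Winsock LSP"):
        markers.append("unknown-lsp")
    # Service binary without company information in its version resource.
    if code == "O23":
        svc = SERVICE_RE.match(body)
        if svc and svc.group("owner") == "Unknown owner":
            markers.append("unknown-owner")
    # Autostart command without a directory: resolved via the search path.
    if code == "O4":
        run = RUN_RE.match(body)
        if run and "\\" not in run.group("cmd"):
            markers.append("no-path")
    return markers


def triage(log_text):
    """Return a list of (section_code, marker, body) for flagged entries."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # header, process list, blank line
        code, body = parsed
        for marker in review_markers(code, body):
            findings.append((code, marker, body))
    return findings


if __name__ == "__main__":
    for code, marker, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {marker:<14} {body}")
```
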

cosinus 28.10.2010 21:32

Hello and :hallo:

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

ThePhantom79 29.10.2010 16:50

Here are the OTL logs to start with:

OTL Logfile:
Code:

OTL logfile created on: 29.10.2010 17:35:57 - Run 1
OTL by OldTimer - Version 3.2.17.1    Folder = C:\Users\*****\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 59,82 Gb Free Space | 30,63% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 210,42 Gb Free Space | 71,82% Space Free | Partition Type: NTFS
Drive E: | 390,62 Gb Total Space | 39,68 Gb Free Space | 10,16% Space Free | Partition Type: NTFS
Drive J: | 7,60 Gb Total Space | 3,51 Gb Free Space | 46,20% Space Free | Partition Type: FAT32
Drive O: | 135,06 Gb Total Space | 125,65 Gb Free Space | 93,03% Space Free | Partition Type: NTFS
Drive P: | 37,32 Gb Total Space | 4,17 Gb Free Space | 11,18% Space Free | Partition Type: NTFS
Drive Q: | 60,50 Gb Total Space | 11,96 Gb Free Space | 19,77% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\BitKinex\bitkinexsvc.exe ()
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\VMware\VMware Server\tomcat\bin\tomcat6.exe (Apache Software Foundation)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Server\vmware-hostd.exe ()
PRC - C:\Programme\VMware\VMware Server\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.)
PRC - C:\Programme\Sandboxie\SbieCtrl.exe (tzuk)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG)
PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BitKinex) -- C:\Program Files\BitKinex\bitkinexsvc.exe ()
SRV - (STSService) -- C:\Program Files\SoundTaxi Media Suite\STSService.exe ()
SRV - (SMServer) -- C:\Windows\System32\snmvtsvc.exe (SMServer)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VMwareServerWebAccess) -- C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe (Apache Software Foundation)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files\VMware\VMware Server\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Server\vmware-authd.exe (VMware, Inc.)
SRV - (vmwriter) -- C:\Program Files\VMware\VMware Server\vmVssWriter.exe (VMware, Inc.)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcuxd) -- C:\Windows\System32\drivers\vpcuxd.sys (Microsoft Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation)
DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder\SysInfo.sys ()
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 B4 DE 60 19 75 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.122581
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.28 16:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.28 16:35:22 | 000,000,000 | ---D | M]
 
[2010.02.01 20:24:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.02.01 20:24:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010.02.01 20:20:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
[2010.02.01 20:22:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2010.10.29 17:28:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\jt9kjgnv.default\extensions
[2010.03.07 11:07:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\jt9kjgnv.default\extensions\VMwareVMRC@vmware.com
[2010.10.28 14:46:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.27 20:52:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.14 19:18:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.16 18:35:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.28 14:46:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.16 18:52:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.16 18:52:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.16 18:52:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.16 18:52:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.16 18:52:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CamserviceOG] C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download with BitKinex - C:\Programme\BitKinex\ieext_cp.htm ()
O8 - Extra context menu item: &Register in BitKinex - C:\Programme\BitKinex\ieext_reg.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programme\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\*****T~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\*****T~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} h**p://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} h**p://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} h**ps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\*****T~1\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - P:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\Shell - "" = AutoRun
O33 - MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.29 17:30:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.10.28 16:41:32 | 000,000,000 | ---D | C] -- C:\HiJackThis
[2010.10.28 16:05:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2010.10.28 16:05:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.28 16:05:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.28 16:05:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.28 16:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.28 15:58:00 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup.exe
[2010.10.28 14:46:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.10.28 14:46:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.10.28 14:46:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.10.28 07:36:30 | 000,000,000 | ---D | C] -- C:\DesinfectLogs
[2010.10.27 20:25:21 | 000,000,000 | ---D | C] -- C:\INFECTED
[2010.10.25 16:11:52 | 000,000,000 | ---D | C] -- C:\Converted
[2010.10.25 16:11:17 | 000,000,000 | ---D | C] -- C:\Programme\SoundTaxi Media Suite
[2010.10.25 16:10:31 | 000,245,760 | ---- | C] (SMServer) -- C:\Windows\System32\snmvtsvc.exe
[2010.10.25 16:10:30 | 000,023,096 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\SndTAudio.sys
[2010.10.25 16:10:30 | 000,023,096 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\SndTAudio.sys
[2010.10.25 16:10:30 | 000,014,392 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\SndTVideo.dll
[2010.10.25 16:10:30 | 000,005,688 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\SndTVideo.sys
[2010.10.25 16:10:28 | 000,000,000 | ---D | C] -- C:\Programme\SoundTaxi
[2010.10.18 05:06:38 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.18 05:06:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.18 05:06:38 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.18 05:06:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.18 05:06:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.18 05:06:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.18 05:06:38 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.18 05:06:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.18 05:06:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.18 05:06:37 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.18 05:06:37 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.18 05:06:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.18 05:06:27 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.18 05:06:27 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.18 05:06:21 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.18 05:06:18 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.18 05:06:16 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.18 05:06:16 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.10.03 08:18:47 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009.11.30 15:38:32 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009.11.30 15:38:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.29 17:33:59 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.29 17:33:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.29 17:33:19 | 2616,053,760 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.29 17:29:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2010.10.28 21:15:54 | 000,001,412 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010.10.28 20:00:15 | 000,731,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.28 20:00:15 | 000,679,632 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.28 20:00:15 | 000,156,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.28 20:00:15 | 000,128,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.28 19:52:31 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Funambol Outlook Sync Client - *****.job
[2010.10.28 19:05:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.28 16:56:24 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.28 16:56:24 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.28 16:05:30 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.28 15:58:19 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup.exe
[2010.10.28 14:37:21 | 002,343,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.26 16:45:59 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.19 22:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.18 05:16:32 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
 
========== Files Created - No Company Name ==========
 
[2010.10.28 16:05:30 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.26 16:45:59 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.25 16:10:30 | 000,019,099 | ---- | C] () -- C:\Windows\System32\SndTAudio.inf
[2010.10.25 16:10:30 | 000,002,577 | ---- | C] () -- C:\Windows\System32\SndTVideo.inf
[2010.10.25 16:10:30 | 000,002,539 | ---- | C] () -- C:\Windows\System32\SndTVideo.cat
[2010.10.25 16:10:30 | 000,002,100 | ---- | C] () -- C:\Windows\System32\SndTAudio.cat
[2010.07.05 21:29:12 | 000,000,847 | ---- | C] () -- C:\Windows\wiso.ini
[2010.06.18 22:44:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.03 15:05:46 | 000,003,456 | ---- | C] () -- C:\Users\*****\AppData\Roaming\movie_gui_builder_layout1280x720.xml
[2010.05.31 18:29:52 | 000,004,226 | ---- | C] () -- C:\Users\*****\AppData\Roaming\movie_gui_builder.pref
[2010.05.31 18:29:47 | 000,003,448 | ---- | C] () -- C:\Users\*****\AppData\Roaming\movie_gui_builder_layout.xml
[2010.05.31 18:29:46 | 000,000,026 | ---- | C] () -- C:\Users\*****\AppData\Roaming\movie_gui_builder_sync.pref
[2010.02.02 16:19:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.02 12:42:37 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
[2010.02.02 11:54:08 | 001,254,288 | ---- | C] () -- C:\ProgramData\__wdump.txt
[2009.11.30 15:38:32 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009.11.25 21:52:37 | 000,009,216 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.16 18:32:46 | 000,001,412 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009.11.14 23:37:03 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.11.10 12:54:14 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Roaming\winscp.rnd
[2009.10.29 16:44:50 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009.10.29 16:44:50 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009.10.26 18:59:26 | 000,007,597 | ---- | C] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg
[2009.10.26 18:35:15 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.10.20 16:21:06 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

< End of report >

and the second one:


Code:

OTL Extras logfile created on: 29.10.2010 17:35:58 - Run 1
OTL by OldTimer - Version 3.2.17.1    Folder = C:\Users\*****\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 59,82 Gb Free Space | 30,63% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 210,42 Gb Free Space | 71,82% Space Free | Partition Type: NTFS
Drive E: | 390,62 Gb Total Space | 39,68 Gb Free Space | 10,16% Space Free | Partition Type: NTFS
Drive J: | 7,60 Gb Total Space | 3,51 Gb Free Space | 46,20% Space Free | Partition Type: FAT32
Drive O: | 135,06 Gb Total Space | 125,65 Gb Free Space | 93,03% Space Free | Partition Type: NTFS
Drive P: | 37,32 Gb Total Space | 4,17 Gb Free Space | 11,18% Space Free | Partition Type: NTFS
Drive Q: | 60,50 Gb Total Space | 11,96 Gb Free Space | 19,77% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C171CF9-E6CB-427F-B1E8-55637C603586}_is1" = FarmHelper
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{102CDCAA-A884-6DC5-9FA8-DDFF77023FF8}" = Catalyst Control Center HydraVision Full
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB2107E-82FE-3167-6E71-B9D44EA4FD26}" = AMD Drag and Drop Transcoding
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C00B132-7446-9C4D-F0D5-FC00F965B7CA}" = ccc-utility
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{566D674E-819E-75E0-ADBE-685613F73627}" = Catalyst Control Center Graphics Previews Vista
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A1A0C5-DB63-48F5-8356-BFD6D3D7F645}" = Vasco da Gama 4 HDPro Demo
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68D3EB18-6708-486D-B58E-A97B92713B71}" = Xelerator 2.0
"{6C7DAF94-0520-19F0-7666-8A7334714E81}" = Catalyst Control Center Graphics Full Existing
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BDB07A4-22C8-AE44-29C5-CA5B46E0E58D}" = Catalyst Control Center Graphics Light
"{9CC99440-C974-427E-A218-9E79752BC7DB}_is1" = Rock Your Phone 1.63.18
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A7CE3C9E-78B4-4855-8D24-5CDF498E31F9}" = BitKinex
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AD0EBF26-ABE2-4E40-8C02-152A944C78A7}" = WDTV MSG 1.6.3
"{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}" = VMware Server
"{B25C7F0C-A06D-4C92-85D3-4A3E34E18EEE}" = WDTV Movie Sheet Generator
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF19FE33-C168-04D1-9E58-17E7248B9EF7}" = ATI Catalyst Install Manager
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8E73595-C7C1-F1A4-ECD1-7EA8F7DBD3A8}" = CCC Help English
"{C92CE7AF-B104-4710-8F5C-9F833976D308}" = Schrankplaner
"{C976F327-2337-17E7-CAD3-133607CD321B}" = Catalyst Control Center Core Implementation
"{CBF78A5F-7950-4CF1-A063-C4C7B2B82CE6}" = SoundSoap PE
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC874CBB-BD87-4126-9465-AE73BB62D6E0}" = Studio 11 Ultimate
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D893FFAF-5DEE-6EDA-5153-2925E0B5FAFF}" = Catalyst Control Center InstallProxy
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Deluxe Optical Glass
"{E8F857C4-E153-6B03-909E-0006D803F865}" = ccc-core-static
"{E9AF8687-6055-C82B-00A0-9B1B93BF0DCA}" = Catalyst Control Center Graphics Previews Common
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5796AEB-D38E-A4C0-F02F-B14A04945143}" = Catalyst Control Center Graphics Full New
"{F5AEB5A7-D4EA-49A5-89F2-A799F1C620B9}" = TViXiE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F87F2E18-4720-4F97-B3E5-E930D649D92B}" = Mobile Mouse Server
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"7-Zip" = 7-Zip 4.65
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Air Video Server" = Air Video Server 2.2.5
"AviSynth" = AviSynth 2.5
"BZFTrainer2010_is1" = BZFTrainer2010_1.1.0.10
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dm Fotowelt" = dm Fotowelt
"Edelweiss_is1" = Edelweiss
"Enigma" = Enigma
"ffdshow_is1" = ffdshow [rev 3233] [2010-01-28]
"FileZilla Client" = FileZilla Client 3.2.7.1
"Flight Planner_is1" = Flight Planner 5.5
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.08
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Funambol Outlook Sync Client" = Funambol Outlook Sync Client 8.0.5
"GMX SMS-Manager" = GMX SMS-Manager
"Google Chrome" = Google Chrome
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"InstallShield_{68D3EB18-6708-486D-B58E-A97B92713B71}" = Xelerator 2.0
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.2.4582
"MediaInfo" = MediaInfo 0.7.27
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Miranda IM" = Miranda IM 0.8.15
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSSTDFMT Update_is1" = MSSTDFMT Update
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"Sandboxie" = Sandboxie 3.40
"SkyMap" = Sky-Map
"SoundTaxi_is1" = SoundTaxi 4.0.4
"Spb Mobile Shell" = Spb Mobile Shell
"Steam App 400" = Portal
"STMediaSuite" = SoundTaxi Media Suite 4.0.4
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"TrueCrypt" = TrueCrypt
"TUGZip_is1" = TUGZip 3.5
"ULTIMATER" = Microsoft Office Ultimate 2007
"Unlocker" = Unlocker 1.8.8
"VLC media player" = VLC media player 1.1.0
"Warcraft III" = Warcraft III
"WinFF_is1" = WinFF 1.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.4 beta
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---


Malwarebytes is still to come ...

ThePhantom79 29.10.2010 19:10

And now MBAM as well:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4974

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.10.2010 20:02:39
mbam-log-2010-10-29 (20-02-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|O:\|P:\|Q:\|)
Durchsuchte Objekte: 623068
Laufzeit: 2 Stunde(n), 17 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 30.10.2010 20:47

Are there any other logs from Malwarebytes? It would be rather pointless if you had posted only the one without any findings!

ThePhantom79 31.10.2010 00:33

Hi, no - there is no other log. Malwarebytes finds nothing ...

cosinus 31.10.2010 13:08

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - P:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\Shell - "" = AutoRun
O33 - MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

ThePhantom79 31.10.2010 22:21

Hi,
first of all, many thanks for your efforts so far.
Here is the log:

Code:

All processes killed
========== OTL ==========
P:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f01cdad-c409-11df-8071-001fd0a1d2f1}\ not found.
File I:\WD SmartWare.exe not found.
========== COMMANDS ==========
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: *****
->Temp folder emptied: 415029325 bytes
->Temporary Internet Files folder emptied: 202179204 bytes
->Java cache emptied: 53055226 bytes
->FireFox cache emptied: 96455762 bytes
->Flash cache emptied: 62758 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170356089 bytes
RecycleBin emptied: 1445048750 bytes
 
Total Files Cleaned = 2.272,00 mb
 
 
OTL by OldTimer - Version 3.2.17.1 log created on 10312010_220017

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_*****-PC$\2072 not found!

Registry entries deleted on Reboot...

What does the log mean ... was something found and deleted? What puzzles me, for example: File I:\WD SmartWare.exe not found. - I don't have a drive "I:"
And on drive P: (where apparently quite a bit was deleted) there is only my very old Windows version (the predecessor), which I never boot ...

...

PS: I apparently can no longer update MS Security Essentials at the moment (probably not for 6 days now). Supposedly I have no Internet connection ... (error code 0x80072efe)

PPS: Now and then random pages also suddenly open by themselves (once one was even blocked because of malicious content)

cosinus 31.10.2010 23:10

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

ThePhantom79 01.11.2010 09:19

Hi,
unfortunately I am now slowly getting really desperate.

- First I ran CCleaner: no problem, all errors fixed
- I disabled my MS Security Essentials.
- Then I ran ComboFix. First the short green bar appears, then a window from ComboFix came up saying that everything is at my own risk and so on. I click "yes" at the bottom. The window closes, but nothing else happens ...
- I wait quite a while.
- Finally I start ComboFix again. I am told that certain files cannot be created and that I should reboot first.
- I reboot and start ComboFix again.
- This time the short green bar appears again, but after that absolutely nothing ... no matter how long I wait.
- I go through the reboot routine a few more times, but it is always the same - simply nothing happens any more after I have started CF :-(

For your information: on start, a process named mbr.cfxxe is created in the process list (at least I can view the processes of all users again!!!). I assume that this process comes from ComboFix?
In addition, a folder named 32788R22FWJFW is created on the OS partition. Here too I assume that it comes from CF. After the reboot the process at least is gone again and only shows up when CF is started (unfortunately nothing else happens, though :-( )


Regards
ThePhantom

cosinus 01.11.2010 17:37

Delete the existing cofi.exe and download CF again as cofi.exe. Then try it once more.

ThePhantom79 01.11.2010 18:18

Already done ... I also gave it a different name ... when I name it differently, at least the disclaimer screen comes up again ... but after that ... nothing ...

cosinus 01.11.2010 18:30

CF shouldn't really be this stubborn :crazy:
And what if you don't rename CF, i.e. simply leave it as combofix.exe?

ThePhantom79 01.11.2010 22:21

Unfortunately that doesn't help either :-(

cosinus 02.11.2010 14:49

Then let's leave CF aside for now.

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just skip it and run only OSAM.


After that, please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find an MBRCheck_<Datum>_<Uhrzeit>.txt on your desktop.
Please post the contents of the .txt document.

ThePhantom79 03.11.2010 07:49

Hi,

here are all the logs - GMER acted up at first, but after a long wait it eventually worked somehow.


GMER:


Code:

GMER 1.0.15.15477 - h**p://www.gmer.net
Rootkit scan 2010-11-02 19:33:30
Windows 6.1.7600
Running: 5pr8zszx.exe; Driver: C:\Users\*****\AppData\Local\Temp\kgldiuod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                                                        82C51599 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                82C75F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE    ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                                                                                            82E83135 5 Bytes  JMP 8941DC50
PAGE    ntkrnlpa.exe!NtRequestWaitReplyPort + 2                                                                                                                                82E84B5D 5 Bytes  JMP 8941DBB0
PAGE    ntkrnlpa.exe!NtRequestPort + 2                                                                                                                                        82E98DC3 5 Bytes  JMP 8941DB10
?      System32\Drivers\spzp.sys                                                                                                                                              Das System kann den angegebenen Pfad nicht finden. !
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                                              section is writeable [0x91807000, 0x2FBFB8, 0xE8000020]
.text  USBPORT.SYS!DllUnload                                                                                                                                                  915D5CA0 5 Bytes  JMP 8706C1D8
.text  a20x9xs7.SYS                                                                                                                                                          98E34000 12 Bytes  [44, 38, 02, 83, EE, 36, 02, ...] {INC ESP; CMP [EDX], AL; SUB ESI, 0x36; ADD AL, [EBX-0x7cfde860]}
.text  a20x9xs7.SYS                                                                                                                                                          98E3400D 9 Bytes  [17, 02, 83, 48, 3B, 02, 83, ...] {POP SS; ADD AL, [EBX-0x7cfdc4b8]; ADD [EAX], AL}
.text  a20x9xs7.SYS                                                                                                                                                          98E34017 170 Bytes  [00, DE, 87, 5A, 83, E6, 85, ...]
.text  a20x9xs7.SYS                                                                                                                                                          98E340C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text  a20x9xs7.SYS                                                                                                                                                          98E340CE 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text  ...                                                                                                                                                                   
.text  autochk.exe                                                                                                                                                            002211D1 2 Bytes  [F1, 19]
.text  autochk.exe                                                                                                                                                            002211D4 3 Bytes  [94, F1, 19]
.text  autochk.exe                                                                                                                                                            002211D8 3 Bytes  [AC, 5E, 18]
.text  autochk.exe                                                                                                                                                            002211DC 1 Byte  [03]
.text  autochk.exe                                                                                                                                                            002211E0 3 Bytes  [7C, EE, 19]
.text  ...                                                                                                                                                                   

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT    \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                                              [834AC042] \SystemRoot\System32\Drivers\spzp.sys
IAT    \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                                              [834AC6D6] \SystemRoot\System32\Drivers\spzp.sys
IAT    \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                      [834AC800] \SystemRoot\System32\Drivers\spzp.sys
IAT    \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                        [834AC13E] \SystemRoot\System32\Drivers\spzp.sys
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortNotification]                                                                                            00147880
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortQuerySystemTime]                                                                                          78800C75
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                                            06750015
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortStallExecution]                                                                                          C25DC033
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortUchar]                                                                                          458B0008
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortUlong]                                                                                          6A006A08
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                                                      50056A24
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                                            005AB7E8
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                                                    0001B800
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetParentBusType]                                                                                        C25D0000
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortRequestCallback]                                                                                          CCCC0008
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                    CCCCCCCC
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                                                    CCCCCCCC
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCompleteRequest]                                                                                          CCCCCCCC
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCopyMemory]                                                                                              53EC8B55
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortEtwTraceLog]                                                                                              800C5D8B
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                                                7500117B
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                                                  127B806A
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                                                    80647500
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                    7500137B
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortInitialize]                                                                                              157B805E
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                                            56587500
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                                                        8008758B

---- Devices - GMER 1.0.15 ----

Device  \Device\Ide\IdeDeviceP6T0L0-8 -> \??\IDE#DiskSAMSUNG_HD103SJ_________________________1AJ100E4#5&17b185bc&0&4.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}                device not found

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                                                    771343423
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                                                    285507792
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                                                    1
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                    0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                0xE7 0xA9 0xA8 0xA2 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                    C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                    0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                        0x6B 0x92 0x83 0x6A ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                          0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                  0x2D 0xDE 0x8D 0x46 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                  0x8E 0xFC 0x29 0x02 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                        0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                    0xE7 0xA9 0xA8 0xA2 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                        C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                        0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                         
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                            0x6B 0x92 0x83 0x6A ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                              0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                      0x2D 0xDE 0x8D 0x46 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                      0x8E 0xFC 0x29 0x02 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Pinnacle\Studio 14\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook  1
Reg    HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                                                                                            C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1328d8d3
Reg    HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog                                                                      0x7C 0x04 0x06 0x00 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices@AliveDeviceCount                                                                                          1
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices@FunctionalDMRCount                                                                                        1
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\E4-7C-F9-7A-7F-B6@Alive                                                                                  0
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers@AliveDeviceCount                                                                                    1
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers@FunctionalDMRCount                                                                                  1
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers\592DE09F-959F-69CD-2F8E-FBB9AF9EB41F@Alive                                                          0
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                                                    0xC8 0x28 0x51 0xAF ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                                                    0x6A 0x9C 0xD6 0x61 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                                                    0xFF 0x7C 0x85 0xE0 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                                                    0x3E 0x1E 0x9E 0xE0 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                                                    0xCD 0x44 0xCD 0xB9 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                                                    0xB0 0x18 0xED 0xA7 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                                                    0xFB 0xA7 0x78 0xE6 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                                                    0x83 0x6C 0x56 0x8B ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                                                    0xF6 0x0F 0x4E 0x58 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                                                    0x3D 0xCE 0xEA 0x26 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                                                    0x2A 0xB7 0xCC 0xB5 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                                                    0xFA 0xEA 0x66 0x7F ...

---- Disk sectors - GMER 1.0.15 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 01: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 02: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 03: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 04: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 05: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 06: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 07: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 08: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 09: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 10: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 11: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 12: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 13: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 14: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 15: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 16: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 17: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 18: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 19: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 20: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 21: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 22: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 23: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 24: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 25: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 26: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 27: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 28: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 29: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 30: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 31: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 32: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 33: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 34: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 35: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 36: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 37: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 38: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 39: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 40: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 41: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 42: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 43: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 44: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 45: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 46: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 47: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 48: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 49: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 50: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 51: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 52: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 53: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 54: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 55: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 56: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 57: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 58: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 59: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 60: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 61: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 62: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 63: copy of MBR

---- EOF - GMER 1.0.15 ----

MBRCHECK

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Ultimate Edition
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        Gigabyte Technology Co., Ltd.
BIOS Manufacturer:                Award Software International, Inc.
System Manufacturer:                Gigabyte Technology Co., Ltd.
System Product Name:                EP45-DS3
Logical Drives Mask:                0x0001debd

Kernel Drivers (total 220):
  0x82C38000 \SystemRoot\system32\ntkrnlpa.exe
  0x82C01000 \SystemRoot\system32\halmacpi.dll
  0x86DC5000 \SystemRoot\system32\kdcom.dll
  0x83224000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8329C000 \SystemRoot\system32\PSHED.dll
  0x832AD000 \SystemRoot\system32\BOOTVID.dll
  0x832B5000 \SystemRoot\system32\CLFS.SYS
  0x832F7000 \SystemRoot\system32\CI.dll
  0x83412000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x83483000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x83491000 \SystemRoot\System32\Drivers\spag.sys
  0x83584000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x8358D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x835B3000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x83400000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x833A2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x833AD000 \SystemRoot\system32\DRIVERS\pci.sys
  0x833D7000 \SystemRoot\System32\drivers\partmgr.sys
  0x833E8000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x83638000 \SystemRoot\System32\drivers\volmgrx.sys
  0x83683000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x8368A000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x83698000 \SystemRoot\System32\drivers\mountmgr.sys
  0x836AE000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x836B7000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x836DA000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x836E4000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x836ED000 \SystemRoot\system32\drivers\fltmgr.sys
  0x83721000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8BE3B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8BF6A000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8BF95000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x83732000 \SystemRoot\System32\Drivers\cng.sys
  0x8BFA8000 \SystemRoot\System32\drivers\pcw.sys
  0x8BFB6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8C018000 \SystemRoot\system32\drivers\ndis.sys
  0x8C0CF000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8C10D000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8C20B000 \SystemRoot\System32\drivers\tcpip.sys
  0x8C354000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8C385000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8C38E000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8C3CD000 \SystemRoot\System32\Drivers\spldr.sys
  0x8C132000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8C3D5000 \SystemRoot\System32\Drivers\mup.sys
  0x8C3E5000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8C15F000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8C3ED000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8C191000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8C1DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8BFBF000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0x8C000000 \SystemRoot\System32\Drivers\Null.SYS
  0x8C007000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8BFE2000 \SystemRoot\System32\drivers\vga.sys
  0x8BE00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8BE21000 \SystemRoot\System32\drivers\watchdog.sys
  0x8C00E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8BE2E000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8BFEE000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8378F000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8379A000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x837A8000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x837BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x90E1A000 \SystemRoot\system32\drivers\afd.sys
  0x90E74000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90EA6000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x90EAF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x90EB6000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90ED5000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
  0x90EE5000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90EF3000 \SystemRoot\system32\DRIVERS\serial.sys
  0x90F0D000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90F20000 \SystemRoot\system32\drivers\vpcvmm.sys
  0x90F67000 \SystemRoot\System32\drivers\truecrypt.sys
  0x90F9C000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90FAC000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90FED000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90E00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90E0A000 \SystemRoot\System32\drivers\discache.sys
  0x91608000 \SystemRoot\system32\drivers\csc.sys
  0x9166C000 \SystemRoot\System32\Drivers\dfsc.sys
  0x91684000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x91692000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x916B3000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x916C5000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x9A020000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x916F5000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x9A5BA000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9A000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9A5F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x917AC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x837CA000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x91C19000 \SystemRoot\system32\drivers\HCW85BDA.sys
  0x91D6E000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x91D71000 \SystemRoot\system32\drivers\ks.sys
  0x91DA5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x91DAB000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
  0x91DD0000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x91C00000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x91C0B000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x837D9000 \SystemRoot\system32\DRIVERS\parport.sys
  0x83600000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x91C15000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
  0x83618000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x95409000 \SystemRoot\System32\Drivers\aoczllez.SYS
  0x95442000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x9544F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x95461000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x95479000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x95484000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x954A6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x954BE000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x954D5000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x954EC000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x954F6000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x95503000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x95505000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
  0x95533000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x95541000 \SystemRoot\system32\DRIVERS\vpcusb.sys
  0x95559000 \SystemRoot\system32\DRIVERS\usbrpm.sys
  0x95566000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x95568000 \SystemRoot\system32\DRIVERS\vpchbus.sys
  0x9559E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x955E2000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x955EC000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x83200000 \SystemRoot\system32\drivers\AtiHdmi.sys
  0x81E1D000 \SystemRoot\system32\drivers\portcls.sys
  0x81E4C000 \SystemRoot\system32\drivers\drmk.sys
  0x81E65000 \SystemRoot\system32\drivers\HdAudio.sys
  0x824A0000 \SystemRoot\System32\win32k.sys
  0x81EB5000 \SystemRoot\System32\drivers\Dxapi.sys
  0x81EBF000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x81ECC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x81ED7000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x81EE1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x81EF2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x81F09000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
  0x81F0F000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x81F1A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x81F2D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x81F34000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x81F3C000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x81F47000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x81F4F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9A604000 \SystemRoot\system32\DRIVERS\snpstd3.sys
  0x9AFE8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x81F66000 \SystemRoot\system32\DRIVERS\hxctlflt.sys
  0x81F7F000 \SystemRoot\system32\drivers\usbaudio.sys
  0x81F93000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x82700000 \SystemRoot\System32\TSDDD.dll
  0x82730000 \SystemRoot\System32\ATMFD.DLL
  0x82780000 \SystemRoot\System32\cdd.dll
  0x81F9E000 \SystemRoot\system32\drivers\luafv.sys
  0x81FB9000 \SystemRoot\system32\drivers\WudfPf.sys
  0x9AFF6000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
  0x9AFFC000 \SystemRoot\system32\DRIVERS\VMNET.SYS
  0x81FD3000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x81FE3000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9F427000 \SystemRoot\system32\drivers\HTTP.sys
  0x9F4AC000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9F4C5000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9F4D7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9F4FA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9F535000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9F550000 \??\C:\Windows\system32\drivers\hcmon.sys
  0x9F55A000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0x9F561000 \??\C:\Windows\system32\Drivers\vmci.sys
  0x9F56D000 \??\C:\Windows\system32\Drivers\VMparport.sys
  0xA2A0C000 \??\C:\Windows\system32\Drivers\vmx86.sys
  0xA2ADC000 \SystemRoot\system32\drivers\peauth.sys
  0xA2B73000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA2B7D000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA2B9E000 \??\C:\Program Files\Sandboxie\SbieDrv.sys
  0xA2BBE000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA2BCB000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
  0xA2BD0000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
  0x9F56F000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9FC30000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9FCE4000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x9FD99000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x77450000 \Windows\System32\ntdll.dll
  0x48020000 \Windows\System32\smss.exe
  0x77690000 \Windows\System32\apisetschema.dll
  0x00E00000 \Windows\System32\autochk.exe
  0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
  0x77630000 \Windows\System32\Wldap32.dll
  0x77620000 \Windows\System32\lpk.dll
  0x77380000 \Windows\System32\user32.dll
  0x77610000 \Windows\System32\normaliz.dll
  0x77180000 \Windows\System32\iertutil.dll
  0x77080000 \Windows\System32\wininet.dll
  0x76FE0000 \Windows\System32\advapi32.dll
  0x77600000 \Windows\System32\psapi.dll
  0x775C0000 \Windows\System32\ws2_32.dll
  0x76F80000 \Windows\System32\shlwapi.dll
  0x76EF0000 \Windows\System32\oleaut32.dll
  0x76E90000 \Windows\System32\difxapi.dll
  0x76240000 \Windows\System32\shell32.dll
  0x761C0000 \Windows\System32\comdlg32.dll
  0x760E0000 \Windows\System32\kernel32.dll
  0x77590000 \Windows\System32\imagehlp.dll
  0x76040000 \Windows\System32\usp10.dll
  0x76020000 \Windows\System32\imm32.dll
  0x75E80000 \Windows\System32\setupapi.dll
  0x75DF0000 \Windows\System32\clbcatq.dll
  0x75D20000 \Windows\System32\msctf.dll
  0x75D00000 \Windows\System32\sechost.dll
  0x75C50000 \Windows\System32\rpcrt4.dll
  0x75BA0000 \Windows\System32\msvcrt.dll
  0x75A60000 \Windows\System32\urlmon.dll
  0x75900000 \Windows\System32\ole32.dll
  0x758F0000 \Windows\System32\nsi.dll
  0x758A0000 \Windows\System32\gdi32.dll
  0x75810000 \Windows\System32\comctl32.dll
  0x757F0000 \Windows\System32\devobj.dll
  0x757C0000 \Windows\System32\cfgmgr32.dll
  0x75770000 \Windows\System32\KernelBase.dll
  0x75650000 \Windows\System32\crypt32.dll
  0x75620000 \Windows\System32\wintrust.dll
  0x75610000 \Windows\System32\msasn1.dll

Processes (total 76):
      0 System Idle Process
      4 System
    320 C:\Windows\System32\smss.exe
    480 csrss.exe
    568 C:\Windows\System32\wininit.exe
    576 csrss.exe
    616 C:\Windows\System32\services.exe
    632 C:\Windows\System32\lsass.exe
    640 C:\Windows\System32\lsm.exe
    740 C:\Windows\System32\svchost.exe
    824 C:\Windows\System32\svchost.exe
    888 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    916 C:\Windows\System32\winlogon.exe
    980 C:\Windows\System32\atiesrxx.exe
    1048 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1168 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\audiodg.exe
    1356 C:\Windows\System32\svchost.exe
    1540 C:\Windows\System32\svchost.exe
    1548 C:\Windows\System32\atieclxx.exe
    1696 C:\Windows\System32\spoolsv.exe
    1736 C:\Windows\System32\svchost.exe
    1900 C:\Windows\System32\svchost.exe
    1920 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1956 C:\Program Files\BitKinex\bitkinexsvc.exe
    2016 C:\Program Files\Bonjour\mDNSResponder.exe
    128 C:\Windows\System32\svchost.exe
    360 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    496 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    756 C:\Program Files\Sandboxie\SbieSvc.exe
    1460 C:\Windows\System32\svchost.exe
    1852 C:\Windows\System32\vmnat.exe
    1952 C:\Program Files\VMware\VMware Server\tomcat\bin\tomcat6.exe
    388 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\conhost.exe
    2172 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2300 C:\Program Files\VMware\VMware Server\vmware-authd.exe
    2428 C:\Windows\System32\vmnetdhcp.exe
    2524 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2716 C:\Program Files\VMware\VMware Server\vmware-hostd.exe
    2940 WmiPrvSE.exe
    3100 C:\Windows\System32\svchost.exe
    3220 WmiPrvSE.exe
    3624 C:\Windows\System32\taskhost.exe
    3968 C:\Windows\System32\dwm.exe
    3992 C:\Windows\explorer.exe
    2124 C:\Program Files\Microsoft Security Essentials\msseces.exe
    2148 C:\Windows\WindowsMobile\wmdc.exe
    2116 C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe
    2424 C:\Windows\System32\svchost.exe
    2764 C:\Program Files\pdf24\pdf24.exe
    2992 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1492 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3212 C:\Program Files\iTunes\iTunesHelper.exe
    3888 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3680 C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe
    3984 C:\Program Files\Sandboxie\SbieCtrl.exe
    3988 C:\Program Files\DAEMON Tools Lite\DTLite.exe
    3404 C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    3396 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    3288 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    4080 C:\Program Files\iPod\bin\iPodService.exe
    4396 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    4492 C:\Windows\System32\SearchIndexer.exe
    4632 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4928 C:\Windows\System32\svchost.exe
    5660 C:\Program Files\Mozilla Firefox\firefox.exe
    5804 C:\Program Files\Mozilla Firefox\firefox.exe
    1576 C:\Windows\System32\wbem\WmiApSrv.exe
    3548 C:\Windows\System32\taskmgr.exe
    5556 C:\Windows\System32\SearchProtocolHost.exe
    5092 C:\Windows\System32\SearchFilterHost.exe
    3436 C:\Users\*****\Desktop\MBRCheck.exe
    5420 C:\Windows\System32\conhost.exe
    3884 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`da500000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000007a`18600000  (NTFS)
\\.\O: --> \\.\PhysicalDrive1 at offset 0x00000018`74aece00  (NTFS)
\\.\P: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\Q: --> \\.\PhysicalDrive1 at offset 0x00000009`54921c00  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4
PhysicalDrive1 Model Number: SAMSUNGSP2504C, Rev: VT100-33

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    232 GB  \\.\PhysicalDrive1  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


And OSAM is attached as a zip file, since it was output as HTML ...

Regards
ThePhantom

cosinus 03.11.2010 13:43

Quote:

since it was output as HTML ...
The instructions say you should save it as a log, not as HTML :D
Well, never mind, I can read HTML too.

Looks OK so far. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

ThePhantom79 05.11.2010 08:49

So, here are some more log files ... something was found (which, in my opinion, is not the cause of the problem, though :-( ):

SASW

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/03/2010 at 10:15 PM

Application Version : 4.45.1000

Core Rules Database Version : 5804
Trace Rules Database Version: 3616

Scan type      : Complete Scan
Total Scan Time : 03:48:44

Memory items scanned      : 536
Memory threats detected  : 0
Registry items scanned    : 9076
Registry threats detected : 0
File items scanned        : 469398
File threats detected    : 824

Adware.Tracking Cookie
        C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@mediainfo.sourceforge[2].txt
        C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@mediaarea[1].txt
        C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\*****@atdmt[1].txt
        C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\*****@doubleclick[2].txt
        C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\*****@msnportal.112.2o7[1].txt
        media.kyte.tv [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UH7X3QTG ]
        media.mtvnservices.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UH7X3QTG ]
        secure-us.imrworldwide.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UH7X3QTG ]
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adc-serv[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.adition[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.zanox[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad1.adfarm1.adition[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad2.adfarm1.adition[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adecn[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adecn[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pubmatic[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pubmatic[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserving.ezanga[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz10.91469.information-seeking[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz10.91491.information-seeking[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz3.91469.information-seeking[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz9.91491.information-seeking[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[4].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[5].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@network.realmedia[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.mlsat02[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.mlsat02[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.quisma[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracking.quisma[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffictrack[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@unitymedia[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@unitymedia[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@usenext[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@user.lucidmedia[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@user.lucidmedia[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vinvest.122.2o7[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@webmasterplan[3].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.networkadvertising[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.usenext[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.zanox-affiliate[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.zanox-affiliate[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox-affiliate[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[1].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[2].txt
        C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zanox[3].txt
        adserv.quality-channel.de [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        auktion.gesext.de [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        cdn1.eyewonder.com [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        googleads.g.doubleclick.net [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        img-cdn.mediaplex.com [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        media1.break.com [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        objects.tremormedia.com [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        objects.tremormedia.eu [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        pornoprinzen.com [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        spe.atdmt.com [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        static.sexsearchcom.com [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        static.youporn.com [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        vidii2.hardsextube.com [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        www.pornoprinzen.com [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        www.unitymedia.de [ P:\Users\*****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UT688PV6 ]
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@12finder[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@12finder[3].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@18pornmovies[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@2o7[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@4shemaleporn[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@a2.adserver01[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@a3.adserver01[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@abyssteens[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ad.71i[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ad.ad-srv[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ad.adition[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ad.adnet[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ad.adserver01[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ad.trackbar[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ad.yieldmanager[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ad.zanox[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ad2.doublepimp[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adbrite[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adfarm1.adition[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@admarketplace[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adprotraffic[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ads.ad4game[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ads.fineadult[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ads.gays[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ads.glispa[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ads.heias[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ads.mail[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ads.right-ads[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ads.sportwerk[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adsby.aim4media[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adserver.hardsextube[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adsrv.admediate[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adsrv1.admediate[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adtech[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adultadworld[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adultfriendfinder[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adultsex-tube[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adultsex[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@advertising[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@adviva[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@amateurslutsporn[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@apmebf[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@atdmt[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@atwola[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@bluestreak[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@bridge1.admarketplace[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@bs.serving-sys[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@casalemedia[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@cleoteener[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@click.payserve[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@clicks.pangora[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@content.yieldmanager[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@content.yieldmanager[3].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@conventionbanner[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@corkyteens[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@count.xhit[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@counter11.sextracker[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@counter15.sextracker[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@counter16.sextracker[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@counter4.sextracker[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@counter7.sextracker[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@counter9.sextracker[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@coxyteens[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@crazyhomesex[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@date.ventivmedia[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@dev.hardsextube[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@dirtywivesexposed[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@doubleclick[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@eas.apm.emediate[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@ero-advertising[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@eteenvids[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@euros4click[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@exgfnudeporn[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@fastclick[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@fishsexmovies[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@flash-porn[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@fucking-paradise[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@fullsexmovies[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@galleries.adult-empire[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@galleries1.adult-empire[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@gmeurope.112.2o7[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@go.dynamic-tracking[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@greatteengirl[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@hardsextube[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@hisexgirls[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@hotfuckbook[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@im.banner.t-online[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@imrworldwide[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@iporn[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@justxxxvideo[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@livesexlist[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@lovefuckk[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@lucidmedia[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@maturefuckboy[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@media6degrees[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@mediaplex[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@microsoftsto.112.2o7[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@msnportal.112.2o7[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@msnservices.112.2o7[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@myadultclips[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@pinnaclesystems.122.2o7[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@porn-plus[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@porn.vidz[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@pornhub[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@pornorama[1].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@pornosphere[2].txt
        P:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\*****@pornteensmovies[1].txt
        tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .trafficmp.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .euros4click.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .msnportal.112.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .gesext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adultfriendfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .clicksor.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .clicksor.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .empornium.us [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .empornium.us [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .empornium.us [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        openx.ventivmedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .empornium.us [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .empornium.us [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ads.quartermedia.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .overture.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .overture.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .wissende.122.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.usenext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.etracker.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        mein.gesext.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .cgm.adbureau.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .euros4click.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .euros4click.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .at.atwola.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.etracker.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        a3.adserver01.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .guj.122.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ads.pointroll.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ads.pointroll.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ads.pointroll.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ads.pointroll.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ads.pointroll.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ads.pointroll.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ads.pointroll.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .burstnet.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .chitika.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .imrworldwide.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .imrworldwide.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .4stats.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .warnerbros.112.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        track.webtrekk.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .gmeurope.112.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .skype.122.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        beacons.hottraffic.nl [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        de.sitestat.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .media6degrees.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .media6degrees.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .media6degrees.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .media6degrees.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .media6degrees.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .interclick.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .specificmedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .specificmedia.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .trafficmp.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        adserv-new.20six.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .unitymedia.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .bluestreak.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .insightexpressai.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .insightexpressai.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .insightexpressai.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .insightexpressai.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .insightexpressai.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .track.asus.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .track.asus.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        track.asus.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .revsci.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .tracking.mindshare.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .pinnaclesystems.122.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .euros4click.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .euros4click.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .torrent-finder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .torrent-finder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .torrent-finder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        torrent-finder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        torrent-finder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        adserver.adreactor.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adbrite.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .kontera.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .kontera.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .kontera.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.crackserialcodes.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.crackserialcodes.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .warez-catalog.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .warez-catalog.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        cdn5.specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        cdn5.specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .revsci.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        banner.slashcam.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.soundtrack-board.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.soundtrack-board.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .soundtrack-board.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .soundtrack-board.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .soundtrack-board.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .msnservices.112.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .hotelreservationservice.122.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .urlaubfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .urlaubfinder.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.etracker.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .cgm.adbureau.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .cgm.adbureau.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .cgm.adbureau.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www7.addfreestats.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ehg.hitbox.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ehg.hitbox.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.etracker.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ehg-techtarget.hitbox.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .hitbox.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        adserver.digicamclub.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        advertiser.contextmatters.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .ad.adnet.biz [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        tracking.11880.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        tracking.11880.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.etracker.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        webcount.feratel.at [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .dealtime.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        stat.dealtime.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        a2.adserver01.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        adserver.trafficperformance.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .divx.112.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        data.coremetrics.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .partypoker.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .partypoker.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.moviepilot.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .moviepilot.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .moviepilot.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        livestat.derstandard.at [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        ww251.smartadserver.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .insightexpressai.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .webmasterplan.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.etracker.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .count.xhit.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        de.sitestat.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        de.sitestat.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .vodafonegroup.122.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.etracker.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.clickgamer.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.clickapps.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www3.addfreestats.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .4stats.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        adserver.iszene.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .microsoftwindows.112.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .tracking.quisma.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .statcounter.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adtech.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adtech.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adtech.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .deutschepostag.112.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        eas4.emediate.eu [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .tele2de.112.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .specificclick.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        de.sitestat.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        adsrv1.admediate.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .questionmarket.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        www.clickgamer.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .game-advertising-online.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .videoegg.adbureau.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .server.cpmstar.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .server.cpmstar.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .motricitymobile2daydeprod.122.2o7.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        de.sitestat.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .tracking.mindshare.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .revsci.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .revsci.net [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .content.yieldmanager.com [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adtech.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adtech.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adtech.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adserver.aol.fr [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]
        .adtech.de [ P:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\15djvi5j.default\cookies.sqlite ]

Trojan.Agent/Gen
        C:\32788R22FWJFW\MBR.CFXXE

Trojan.Agent/Gen-Koobface[Bonkers]
        O:\DIGITAL VIDEO\DBOX2\TOOLS\CAPI-WATCH\DBOX2ISDN_V1\DBOX2ISDN.EXE



MalwareBytes:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5046

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.11.2010 22:11:41
mbam-log-2010-11-04 (22-11-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 364654
Laufzeit: 46 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

At the moment my PC is doing a little better.
What I notice: when I try to open Firefox, it only ever works on the second click. The first time, a process with 1.8 MB starts and nothing happens. Only the second click opens another Firefox process, which then actually opens Firefox.

And my Security Essentials still can't be updated :-(

Regards and thanks again
ThePhantom

cosinus 05.11.2010 15:49

Please uninstall Security Essentials. Restart the computer and try Combofix again.

ThePhantom79 07.11.2010 17:30

Unfortunately that didn't help - but I booted into Safe Mode. There it worked (is that any use?).
In general, though, it is very bad again - there is definitely something hidden going on:

- web pages opening by themselves
- updates being blocked
- the computer freezing
etc. ...


Code:

ComboFix 10-11-07.04 - ****** 07.11.2010  16:59:18.1.4 - x86 NETWORK
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.3326.2274 [GMT 1:00]
ausgeführt von:: c:\users\*****\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((  Dateien erstellt von 2010-10-07 bis 2010-11-07  ))))))))))))))))))))))))))))))
.

2010-11-07 16:02 . 2010-11-07 16:02        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-11-07 15:51 . 2010-11-07 15:51        --------        d-----w-        C:\TollesProgramm
2010-11-06 09:32 . 2010-10-18 08:41        6146896        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05D2C863-039B-41FC-894F-CBC51E9C7058}\mpengine.dll
2010-11-05 17:14 . 2010-10-18 08:41        6146896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B26C2961-CC2D-4369-8402-B3B92DD5B92A}\mpengine.dll
2010-11-05 17:06 . 2010-11-05 17:06        --------        d-----w-        c:\program files\Microsoft Security Essentials
2010-11-03 17:12 . 2010-11-03 17:12        --------        d-----w-        c:\users\*****\AppData\Roaming\SUPERAntiSpyware.com
2010-11-03 17:12 . 2010-11-03 17:12        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2010-11-03 17:12 . 2010-11-03 17:12        --------        d-----w-        c:\program files\SUPERAntiSpyware
2010-11-01 06:51 . 2010-11-01 06:51        --------        d-----w-        c:\program files\CCleaner
2010-10-31 21:00 . 2010-10-31 21:00        --------        d-----w-        C:\_OTL
2010-10-31 08:55 . 2010-10-31 08:55        --------        d-----w-        c:\program files\ESET
2010-10-28 14:41 . 2010-10-31 20:48        --------        d-----w-        C:\HiJackThis
2010-10-28 14:05 . 2010-10-28 14:05        --------        d-----w-        c:\users\*****\AppData\Roaming\Malwarebytes
2010-10-28 14:05 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 14:05 . 2010-10-28 14:05        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-10-28 14:05 . 2010-10-28 14:05        --------        d-----w-        c:\programdata\Malwarebytes
2010-10-28 14:05 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-10-28 05:36 . 2010-10-28 12:27        --------        d---a-w-        C:\DesinfectLogs
2010-10-27 18:25 . 2010-10-30 10:43        --------        d---a-w-        C:\INFECTED
2010-10-25 14:11 . 2010-10-26 14:46        --------        d-----w-        C:\Converted
2010-10-25 14:11 . 2010-10-25 14:11        --------        d-----w-        c:\program files\SoundTaxi Media Suite
2010-10-25 14:10 . 2010-06-15 18:00        245760        ----a-w-        c:\windows\system32\snmvtsvc.exe
2010-10-25 14:10 . 2010-06-16 06:53        5688        ----a-w-        c:\windows\system32\SndTVideo.sys
2010-10-25 14:10 . 2010-06-16 06:53        14392        ----a-w-        c:\windows\system32\SndTVideo.dll
2010-10-25 14:10 . 2010-06-16 06:53        23096        ----a-w-        c:\windows\system32\SndTAudio.sys
2010-10-25 14:10 . 2010-06-16 06:53        23096        ----a-w-        c:\windows\system32\drivers\SndTAudio.sys
2010-10-25 14:10 . 2010-10-25 14:10        --------        d-----w-        c:\program files\SoundTaxi

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-10-26 16:15        222080        ------w-        c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-05-14 17:18        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2010-08-21 05:32 . 2010-09-15 19:11        316928        ----a-w-        c:\windows\system32\spoolsv.exe
2010-08-11 18:45 . 2010-08-11 18:45        29184        ----a-r-        c:\users\*****\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GMX SMS-Manager"="c:\program files\GMX\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 3539968]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-09-30 387584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"CamserviceOG"="c:\program files\Hercules\Deluxe Optical Glass\XtrCtrl.exe" [2009-10-19 2913576]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-02-22 207504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-6-2 1036464]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-26 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28        72208        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58        611712        ----a-w-        c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-03-04 12:31        311296        ----a-w-        c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-02 05:41        1242448        ----a-w-        c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07        199752        ----a-w-        c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-29 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 172032]
R2 BitKinex;BitKinex File Transfer Service;c:\program files\BitKinex\bitkinexsvc.exe DISPATCH [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-20 54960]
R2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-05 5550592]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-05 176128]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688]
R3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys [2009-02-09 99968]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-28 17408]
R3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2010-06-15 245760]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-06-16 23096]
R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [2010-06-15 348160]
R3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [2009-10-20 22528]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
Inhalt des "geplante Tasks" Ordners

2010-11-07 c:\windows\Tasks\Funambol Outlook Sync Client - ******.job
- c:\program files\Funambol\Outlook Client\OutlookPlugin.exe [2009-09-03 17:55]

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 14:38]

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 14:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download with BitKinex - c:\program files\BitKinex\ieext_cp.htm
IE: &Register in BitKinex - c:\program files\BitKinex\ieext_reg.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Server\vsocklib.dll
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jt9kjgnv.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jt9kjgnv.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, hxxp://www.gmer.net
Windows 6.1.7600 Disk: SAMSUNG_SP2504C rev.VT100-33 -> \Device\Ide\IdeDeviceP3T0L0-5

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
detected disk devices:
\Device\Ide\IdeDeviceP6T0L0-8 -> \??\IDE#DiskSAMSUNG_HD103SJ_________________________1AJ100E4#5&17b185bc&0&4.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK

Registry trace:
called modules: ntkrnlpa.exe halmacpi.dll

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-11-07  17:03:30
ComboFix-quarantined-files.txt  2010-11-07 16:03

Vor Suchlauf: 19 Verzeichnis(se), 69.865.627.648 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 69.719.048.192 Bytes frei

- - End Of File - - 9D979A1A39914E1AFCCCCE714831AF87


cosinus 07.11.2010 23:20

Please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run the second time, just leave it out and run only OSAM - please skip OSAM's online lookup.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file on the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool needs only a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

ThePhantom79 08.11.2010 09:33

Hi,
in the meantime, out of desperation, I ran another offline scan with Desinfec't, and the following viruses were found (sdb2 is my boot partition):

/media/sdb2/ProgramData/Microsoft/Windows/WER/ReportQueue/Kernel_0_0_15ae5f7d/WER5EE1.tmpatk.kdmp
last modified on Date: 2010-11-01 Time: 08:38:40, Size: 122500 bytes
ALERT: TR/Agent.8704.76 ; trojan ; Is the Trojan horse TR/Agent.8704.76

/media/sdb2/Windows/System32/config/systemprofile/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/30/2cf4ec9e-55e34edd
last modified on Date: 2010-11-02 Time: 17:38:05, Size: 3732 bytes
ALERT: bpac/a.class <<< JAVA/Agent.2212 ; virus ; Contains detection pattern of the Java virus JAVA/Agent.2212

/media/sdb2/Windows/System32/config/systemprofile/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/4c865cbe-73e9d9dc
last modified on Date: 2010-11-04 Time: 22:44:33, Size: 3732 bytes
ALERT: bpac/a.class <<< JAVA/Agent.2212 ; virus ; Contains detection pattern of the Java virus JAVA/Agent.2212

Here are the requested logs:

GMER:

Code:

GMER 1.0.15.15477 - h**p://www.gmer.net
Rootkit scan 2010-11-02 19:33:30
Windows 6.1.7600
Running: 5pr8zszx.exe; Driver: C:\Users\*****\AppData\Local\Temp\kgldiuod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                                                        82C51599 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                82C75F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE    ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                                                                                            82E83135 5 Bytes  JMP 8941DC50
PAGE    ntkrnlpa.exe!NtRequestWaitReplyPort + 2                                                                                                                                82E84B5D 5 Bytes  JMP 8941DBB0
PAGE    ntkrnlpa.exe!NtRequestPort + 2                                                                                                                                        82E98DC3 5 Bytes  JMP 8941DB10
?      System32\Drivers\spzp.sys                                                                                                                                              Das System kann den angegebenen Pfad nicht finden. !
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                                              section is writeable [0x91807000, 0x2FBFB8, 0xE8000020]
.text  USBPORT.SYS!DllUnload                                                                                                                                                  915D5CA0 5 Bytes  JMP 8706C1D8
.text  a20x9xs7.SYS                                                                                                                                                          98E34000 12 Bytes  [44, 38, 02, 83, EE, 36, 02, ...] {INC ESP; CMP [EDX], AL; SUB ESI, 0x36; ADD AL, [EBX-0x7cfde860]}
.text  a20x9xs7.SYS                                                                                                                                                          98E3400D 9 Bytes  [17, 02, 83, 48, 3B, 02, 83, ...] {POP SS; ADD AL, [EBX-0x7cfdc4b8]; ADD [EAX], AL}
.text  a20x9xs7.SYS                                                                                                                                                          98E34017 170 Bytes  [00, DE, 87, 5A, 83, E6, 85, ...]
.text  a20x9xs7.SYS                                                                                                                                                          98E340C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text  a20x9xs7.SYS                                                                                                                                                          98E340CE 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text  ...                                                                                                                                                                   
.text  autochk.exe                                                                                                                                                            002211D1 2 Bytes  [F1, 19]
.text  autochk.exe                                                                                                                                                            002211D4 3 Bytes  [94, F1, 19]
.text  autochk.exe                                                                                                                                                            002211D8 3 Bytes  [AC, 5E, 18]
.text  autochk.exe                                                                                                                                                            002211DC 1 Byte  [03]
.text  autochk.exe                                                                                                                                                            002211E0 3 Bytes  [7C, EE, 19]
.text  ...                                                                                                                                                                   

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT    \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                                              [834AC042] \SystemRoot\System32\Drivers\spzp.sys
IAT    \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                                              [834AC6D6] \SystemRoot\System32\Drivers\spzp.sys
IAT    \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                      [834AC800] \SystemRoot\System32\Drivers\spzp.sys
IAT    \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                        [834AC13E] \SystemRoot\System32\Drivers\spzp.sys
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortNotification]                                                                                            00147880
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortQuerySystemTime]                                                                                          78800C75
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                                            06750015
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortStallExecution]                                                                                          C25DC033
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortUchar]                                                                                          458B0008
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortUlong]                                                                                          6A006A08
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                                                      50056A24
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                                            005AB7E8
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                                                    0001B800
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetParentBusType]                                                                                        C25D0000
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortRequestCallback]                                                                                          CCCC0008
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                    CCCCCCCC
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                                                    CCCCCCCC
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCompleteRequest]                                                                                          CCCCCCCC
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCopyMemory]                                                                                              53EC8B55
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortEtwTraceLog]                                                                                              800C5D8B
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                                                7500117B
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                                                  127B806A
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                                                    80647500
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                    7500137B
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortInitialize]                                                                                              157B805E
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                                            56587500
IAT    \SystemRoot\System32\Drivers\a20x9xs7.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                                                        8008758B

---- Devices - GMER 1.0.15 ----

Device  \Device\Ide\IdeDeviceP6T0L0-8 -> \??\IDE#DiskSAMSUNG_HD103SJ_________________________1AJ100E4#5&17b185bc&0&4.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}                device not found

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                                                    771343423
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                                                    285507792
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                                                    1
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                    0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                0xE7 0xA9 0xA8 0xA2 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                    C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                    0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                        0x6B 0x92 0x83 0x6A ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                          0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                  0x2D 0xDE 0x8D 0x46 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                  0x8E 0xFC 0x29 0x02 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                        0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                    0xE7 0xA9 0xA8 0xA2 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                        C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                        0xD4 0xC3 0x97 0x02 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                         
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                            0x6B 0x92 0x83 0x6A ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                              0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                      0x2D 0xDE 0x8D 0x46 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                                                   
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                      0x8E 0xFC 0x29 0x02 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Pinnacle\Studio 14\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook  1
Reg    HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                                                                                            C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1328d8d3
Reg    HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog                                                                      0x7C 0x04 0x06 0x00 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices@AliveDeviceCount                                                                                          1
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices@FunctionalDMRCount                                                                                        1
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\E4-7C-F9-7A-7F-B6@Alive                                                                                  0
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers@AliveDeviceCount                                                                                    1
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers@FunctionalDMRCount                                                                                  1
Reg    HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\UDNRenderers\592DE09F-959F-69CD-2F8E-FBB9AF9EB41F@Alive                                                          0
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                                                    0xC8 0x28 0x51 0xAF ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                                                    0x6A 0x9C 0xD6 0x61 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                                                    0xFF 0x7C 0x85 0xE0 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                                                    0x3E 0x1E 0x9E 0xE0 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                                                    0xCD 0x44 0xCD 0xB9 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                                                    0xB0 0x18 0xED 0xA7 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                                                    0xFB 0xA7 0x78 0xE6 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                                                    0x83 0x6C 0x56 0x8B ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                                                    0xF6 0x0F 0x4E 0x58 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                                                    0x3D 0xCE 0xEA 0x26 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                                                    0x2A 0xB7 0xCC 0xB5 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                                                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                                                    0xFA 0xEA 0x66 0x7F ...

---- Disk sectors - GMER 1.0.15 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 01: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 02: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 03: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 04: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 05: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 06: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 07: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 08: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 09: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 10: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 11: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 12: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 13: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 14: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 15: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 16: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 17: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 18: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 19: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 20: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 21: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 22: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 23: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 24: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 25: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 26: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 27: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 28: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 29: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 30: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 31: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 32: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 33: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 34: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 35: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 36: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 37: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 38: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 39: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 40: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 41: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 42: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 43: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 44: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 45: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 46: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 47: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 48: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 49: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 50: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 51: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 52: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 53: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 54: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 55: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 56: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 57: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 58: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 59: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 60: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 61: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 62: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                                  sector 63: copy of MBR

---- EOF - GMER 1.0.15 ----


OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:08:25 on 08.11.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Funambol Outlook Sync Client - *****.job" - "Funambol" - C:\Program Files\Funambol\Outlook Client\OutlookPlugin.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aa9lgrmo" (aa9lgrmo) - "Microsoft Corporation" - C:\Windows\system32\drivers\aa9lgrmo.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Apple Mobile Device Ethernet Service" (Netaapl) - "Apple Inc." - C:\Windows\System32\DRIVERS\netaapl.sys
"catchme" (catchme) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys  (File not found)
"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Program Files\MediaCoder\SysInfo.sys  (File found, but it contains no detailed information)
"kgldiuod" (kgldiuod) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\kgldiuod.sys  (Hidden registry entry, rootkit activity | File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"SbieDrv" (SbieDrv) - "tzuk" - C:\Program Files\Sandboxie\SbieDrv.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\drivers\hcmon.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys
"VMware vmci" (vmci) - "VMware, Inc." - C:\Windows\system32\Drivers\vmci.sys
"VMware VMparport" (VMparport) - "VMware, Inc." - C:\Windows\system32\Drivers\VMparport.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\Drivers\vmx86.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files\Pinnacle\Studio 14\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{6567D0AE-32DF-11D7-BC71-00408103CEAF} "ExplExt Class" - "Barad-Dur, LLC." - C:\Program Files\BitKinex\win32\bitkinexwe.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{82774781-8F4E-11D1-AB1C-0000F8773BF0} "DLC Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\grTransferCtrl.dll / https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
{45B69029-F3AB-4204-92DE-D5140C3E8E74} "F5 Networks Auto Update" - "F5 Networks" - C:\Windows\Downloaded Program Files\InstallerControl.dll / C:\Users\CHRIST~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
{41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} "F5 Networks Dynamic Application Tunnel Control" - "F5 Networks" - C:\Windows\Downloaded Program Files\TunnelServerX.dll / C:\Users\CHRIST~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab
{E0FF21FA-B857-45C5-8621-F120A0C17FF2} "F5 Networks Host Control" - "F5 Networks" - C:\Windows\Downloaded Program Files\urxhost.dll / C:\Users\CHRIST~1\AppData\Local\Temp\f5tmp\urxhost.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
{4A85DBE0-BFB2-4119-8401-186A7C6EB653} "{4A85DBE0-BFB2-4119-8401-186A7C6EB653}" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MJSS.ocx / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{38E51477-DDB4-4aed-9D61-D0C193E10749} "Rip YouTube File" - ? - C:\Program Files\SoundTaxi\YouTubeRipper.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -  (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Air Mouse.lnk" - ? - C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"GMX SMS-Manager" - "1&1 Internet AG" - C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe
"Messenger (Yahoo!)" - "Yahoo! Inc." - "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"SandboxieControl" - "tzuk" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CamserviceOG" - "Guillemot Corporation S.A." - C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe /startup
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MSSE" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\Windows\system32\FritzVistaColorMon.dll
"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\Windows\system32\FritzVistaMon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"BitKinex File Transfer Service" (BitKinex) - ? - C:\Program Files\BitKinex\bitkinexsvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sandboxie Service" (SbieSvc) - "tzuk" - C:\Program Files\Sandboxie\SbieSvc.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SMServer" (SMServer) - "SMServer" - C:\Windows\system32\snmvtsvc.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"STSService" (STSService) - ? - C:\Program Files\SoundTaxi Media Suite\STSService.exe  (File found, but it contains no detailed information)
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Program Files\VMware\VMware Server\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\Windows\system32\vmnetdhcp.exe
"VMware Host Agent" (VMwareHostd) - ? - C:\Program Files\VMware\VMware Server\vmware-hostd.exe  (File found, but it contains no detailed information)
"VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\Windows\system32\vmnat.exe
"VMware Server Web Access" (VMwareServerWebAccess) - "Apache Software Foundation" - C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe
"VMware VSS Writer" (vmwriter) - "VMware, Inc." - C:\Program Files\VMware\VMware Server\vmVssWriter.exe
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"VMCI sockets DGRAM" - "VMware, Inc." - C:\Program Files\VMware\VMware Server\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\Program Files\VMware\VMware Server\vsocklib.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


MBRCheck:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Ultimate Edition
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        Gigabyte Technology Co., Ltd.
BIOS Manufacturer:                Award Software International, Inc.
System Manufacturer:                Gigabyte Technology Co., Ltd.
System Product Name:                EP45-DS3
Logical Drives Mask:                0x0001debd

Kernel Drivers (total 224):
  0x82C46000 \SystemRoot\system32\ntkrnlpa.exe
  0x82C0F000 \SystemRoot\system32\halmacpi.dll
  0x86DD7000 \SystemRoot\system32\kdcom.dll
  0x8321A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x83292000 \SystemRoot\system32\PSHED.dll
  0x832A3000 \SystemRoot\system32\BOOTVID.dll
  0x832AB000 \SystemRoot\system32\CLFS.SYS
  0x832ED000 \SystemRoot\system32\CI.dll
  0x8343F000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x834B0000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x834BE000 \SystemRoot\System32\Drivers\spir.sys
  0x835B1000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x835BA000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x83398000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x835E0000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x835E8000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x83400000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8342A000 \SystemRoot\System32\drivers\partmgr.sys
  0x833E0000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8363C000 \SystemRoot\System32\drivers\volmgrx.sys
  0x83687000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x8368E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8369C000 \SystemRoot\System32\drivers\mountmgr.sys
  0x836B2000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x836BB000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x836DE000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x836E8000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x836F1000 \SystemRoot\system32\drivers\fltmgr.sys
  0x83725000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8BE22000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8BF51000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8BF7C000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8BF8F000 \SystemRoot\System32\Drivers\cng.sys
  0x8BFEC000 \SystemRoot\System32\drivers\pcw.sys
  0x8BE00000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x83736000 \SystemRoot\system32\drivers\ndis.sys
  0x8C03F000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8C07D000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8C0A2000 \SystemRoot\System32\drivers\tcpip.sys
  0x8C000000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8C031000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8C223000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8C262000 \SystemRoot\System32\Drivers\spldr.sys
  0x8C26A000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8C297000 \SystemRoot\System32\Drivers\mup.sys
  0x8C2A7000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8C2AF000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8C2E1000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8C2F2000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8C34A000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8C369000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0x8C38C000 \SystemRoot\System32\Drivers\Null.SYS
  0x8C393000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8C39A000 \SystemRoot\System32\drivers\vga.sys
  0x8C3A6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C3C7000 \SystemRoot\System32\drivers\watchdog.sys
  0x8C3D4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C3DC000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8C3E4000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8C3EC000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8C200000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8BE09000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8C20E000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x90C27000 \SystemRoot\system32\drivers\afd.sys
  0x90C81000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90CB3000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x90CBC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x90CC3000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90CE2000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
  0x90CF2000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90D00000 \SystemRoot\system32\DRIVERS\serial.sys
  0x90D1A000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90D2D000 \SystemRoot\system32\drivers\vpcvmm.sys
  0x90D74000 \SystemRoot\System32\drivers\truecrypt.sys
  0x90DA9000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90DB9000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x90DDB000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x91436000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x91477000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x91481000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x9148B000 \SystemRoot\System32\drivers\discache.sys
  0x91497000 \SystemRoot\system32\drivers\csc.sys
  0x914FB000 \SystemRoot\System32\Drivers\dfsc.sys
  0x91513000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x91521000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x91542000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x91554000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x9163A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x95033000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x950EA000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x95123000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x95142000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x9514D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x95198000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x95411000 \SystemRoot\system32\drivers\HCW85BDA.sys
  0x95566000 \SystemRoot\system32\drivers\BdaSup.SYS
  0x95569000 \SystemRoot\system32\drivers\ks.sys
  0x9559D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x955A3000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
  0x955C8000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x955F4000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x95400000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x951A7000 \SystemRoot\system32\DRIVERS\parport.sys
  0x951BF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x9540A000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
  0x951D7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x91600000 \SystemRoot\System32\Drivers\aa9lgrmo.SYS
  0x951E4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x95000000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x95012000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x951F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x91BD4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x91584000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x9159C000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x915B3000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x91BF6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x915CA000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x9540E000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x91400000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
  0x915D7000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x915E5000 \SystemRoot\system32\DRIVERS\vpcusb.sys
  0x90DE1000 \SystemRoot\system32\DRIVERS\usbrpm.sys
  0x951FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x83600000 \SystemRoot\system32\DRIVERS\vpchbus.sys
  0x95E1E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x95E62000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x95E6C000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x95E7D000 \SystemRoot\system32\drivers\AtiHdmi.sys
  0x95E9B000 \SystemRoot\system32\drivers\portcls.sys
  0x95ECA000 \SystemRoot\system32\drivers\drmk.sys
  0x95EE3000 \SystemRoot\system32\drivers\HdAudio.sys
  0x82150000 \SystemRoot\System32\win32k.sys
  0x95F33000 \SystemRoot\System32\drivers\Dxapi.sys
  0x95F3D000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x95F4A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x95F55000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x95F5F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x95F70000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x95F87000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x95F9E000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x95FAC000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x95FB7000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
  0x95FBD000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x95FC8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x95FDB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x95FE2000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x95FEA000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x95FF5000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x99E0C000 \SystemRoot\system32\DRIVERS\snpstd3.sys
  0x9A7F0000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x95E00000 \SystemRoot\system32\DRIVERS\hxctlflt.sys
  0x90C00000 \SystemRoot\system32\drivers\usbaudio.sys
  0x99E00000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x823B0000 \SystemRoot\System32\TSDDD.dll
  0x82000000 \SystemRoot\System32\ATMFD.DLL
  0x82050000 \SystemRoot\System32\cdd.dll
  0x8C317000 \SystemRoot\system32\drivers\luafv.sys
  0x83200000 \SystemRoot\system32\drivers\WudfPf.sys
  0x9502A000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
  0x95E19000 \SystemRoot\system32\DRIVERS\VMNET.SYS
  0x90C14000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8C332000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA001E000 \SystemRoot\system32\drivers\HTTP.sys
  0xA00A3000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA00BC000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA00CE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA00F1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA012C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA0147000 \??\C:\Windows\system32\drivers\hcmon.sys
  0xA0151000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA0158000 \??\C:\Windows\system32\Drivers\vmci.sys
  0xA0164000 \??\C:\Windows\system32\Drivers\VMparport.sys
  0x9FE27000 \??\C:\Windows\system32\Drivers\vmx86.sys
  0x9FEF7000 \SystemRoot\system32\drivers\peauth.sys
  0x9FF8E000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9FF98000 \??\C:\Program Files\Sandboxie\SbieDrv.sys
  0x9FFB8000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9FFD9000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9FFE6000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
  0xA0166000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA3E1A000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA3ECE000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA3F83000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xA3F8C000 \??\C:\Users\CHRIST~1\AppData\Local\Temp\kgldiuod.sys
  0x77670000 \Windows\System32\ntdll.dll
  0x479E0000 \Windows\System32\smss.exe
  0x778B0000 \Windows\System32\apisetschema.dll
  0x00650000 \Windows\System32\autochk.exe
  0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
  0x77890000 \Windows\System32\normaliz.dll
  0x77530000 \Windows\System32\urlmon.dll
  0x77860000 \Windows\System32\imagehlp.dll
  0x77840000 \Windows\System32\sechost.dll
  0x77390000 \Windows\System32\setupapi.dll
  0x777B0000 \Windows\System32\oleaut32.dll
  0x76740000 \Windows\System32\shell32.dll
  0x765E0000 \Windows\System32\ole32.dll
  0x765D0000 \Windows\System32\psapi.dll
  0x76500000 \Windows\System32\msctf.dll
  0x764B0000 \Windows\System32\gdi32.dll
  0x76420000 \Windows\System32\clbcatq.dll
  0x763C0000 \Windows\System32\difxapi.dll
  0x761C0000 \Windows\System32\iertutil.dll
  0x760C0000 \Windows\System32\wininet.dll
  0x760A0000 \Windows\System32\imm32.dll
  0x76020000 \Windows\System32\comdlg32.dll
  0x75F40000 \Windows\System32\kernel32.dll
  0x75F00000 \Windows\System32\ws2_32.dll
  0x75EB0000 \Windows\System32\Wldap32.dll
  0x75EA0000 \Windows\System32\nsi.dll
  0x75E90000 \Windows\System32\lpk.dll
  0x75DE0000 \Windows\System32\msvcrt.dll
  0x75D80000 \Windows\System32\shlwapi.dll
  0x75CB0000 \Windows\System32\user32.dll
  0x75C00000 \Windows\System32\rpcrt4.dll
  0x75B60000 \Windows\System32\advapi32.dll
  0x75AC0000 \Windows\System32\usp10.dll
  0x759A0000 \Windows\System32\crypt32.dll
  0x75950000 \Windows\System32\KernelBase.dll
  0x75920000 \Windows\System32\wintrust.dll
  0x75890000 \Windows\System32\comctl32.dll
  0x75870000 \Windows\System32\devobj.dll
  0x75840000 \Windows\System32\cfgmgr32.dll
  0x75830000 \Windows\System32\msasn1.dll

Processes (total 77):
      0 System Idle Process
      4 System
    320 C:\Windows\System32\smss.exe
    480 csrss.exe
    568 C:\Windows\System32\wininit.exe
    576 csrss.exe
    616 C:\Windows\System32\services.exe
    632 C:\Windows\System32\lsass.exe
    640 C:\Windows\System32\lsm.exe
    752 C:\Windows\System32\svchost.exe
    840 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\winlogon.exe
    924 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1000 C:\Windows\System32\atiesrxx.exe
    1060 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\svchost.exe
    1468 C:\Windows\System32\svchost.exe
    1572 C:\Windows\System32\atieclxx.exe
    1632 C:\Windows\System32\svchost.exe
    1856 C:\Windows\System32\spoolsv.exe
    1884 C:\Windows\System32\svchost.exe
    2040 C:\Windows\System32\svchost.exe
    128 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    364 C:\Program Files\BitKinex\bitkinexsvc.exe
    416 C:\Program Files\Bonjour\mDNSResponder.exe
    388 C:\Windows\System32\svchost.exe
    436 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    1620 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    1908 C:\Program Files\Sandboxie\SbieSvc.exe
    1592 C:\Windows\System32\svchost.exe
    2068 C:\Windows\System32\vmnat.exe
    2128 C:\Program Files\VMware\VMware Server\tomcat\bin\tomcat6.exe
    2168 C:\Windows\System32\svchost.exe
    2176 C:\Windows\System32\conhost.exe
    2200 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2292 C:\Program Files\VMware\VMware Server\vmware-authd.exe
    2380 C:\Windows\System32\vmnetdhcp.exe
    2488 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2744 C:\Program Files\VMware\VMware Server\vmware-hostd.exe
    3020 WmiPrvSE.exe
    3080 C:\Windows\System32\svchost.exe
    3912 C:\Windows\System32\taskhost.exe
    4016 C:\Windows\System32\dwm.exe
    4040 C:\Windows\explorer.exe
    2776 C:\Windows\WindowsMobile\wmdc.exe
    1972 C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe
    3060 C:\Windows\System32\svchost.exe
    2996 C:\Program Files\pdf24\pdf24.exe
    3088 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1692 C:\Program Files\iTunes\iTunesHelper.exe
    3368 C:\Program Files\Microsoft Security Essentials\msseces.exe
    3376 C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe
    3388 C:\Program Files\Sandboxie\SbieCtrl.exe
    3408 C:\Program Files\DAEMON Tools Lite\DTLite.exe
    3872 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3708 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3164 C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
    1548 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    3676 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    4280 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    4376 C:\Windows\System32\SearchIndexer.exe
    4448 C:\Program Files\iPod\bin\iPodService.exe
    4624 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5036 C:\Windows\System32\svchost.exe
    5580 C:\Program Files\Mozilla Firefox\firefox.exe
    3600 C:\Windows\System32\taskmgr.exe
    3452 C:\Users\*****\Desktop\5pr8zszx.exe
    4124 C:\Windows\System32\audiodg.exe
    116 C:\Windows\System32\notepad.exe
    3760 C:\Program Files\Mozilla Firefox\firefox.exe
    6108 C:\Windows\System32\SearchProtocolHost.exe
    5880 C:\Windows\System32\SearchFilterHost.exe
    3696 C:\Windows\explorer.exe
    2372 C:\Users\*****\Desktop\MBRCheck.exe
    4776 C:\Windows\System32\conhost.exe
    3140 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`da500000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000007a`18600000  (NTFS)
\\.\O: --> \\.\PhysicalDrive1 at offset 0x00000018`74aece00  (NTFS)
\\.\P: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\Q: --> \\.\PhysicalDrive1 at offset 0x00000009`54921c00  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4
PhysicalDrive1 Model Number: SAMSUNGSP2504C, Rev: VT100-33

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    232 GB  \\.\PhysicalDrive1  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


cosinus 09.11.2010 00:32

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

ThePhantom79 09.11.2010 08:03

Hello,

many thanks for your support - but last night I formatted my operating system partition and reinstalled.
Everything may always have looked fine in the roughly 20 logs, but it kept getting worse with the pop-ups opening, the crashes, and the strange error messages.
Now everything is fine again.
So no hard feelings - thanks for your efforts.

Regards
ThePhantom


All times are WET +1. The time now is 17:44.
