Trojaner-Board

Manyra 29.01.2012 10:42

4 detections, including HTML/Infected.WebPage.Gen2
 
Hello dear community,

I registered here because my Avira Free Antivirus reported 4 detections. Avira should be up to date; it downloads updates almost daily. I work with Windows 7 Home Premium with automatic updates. Fortunately, I have not noticed any "strange" symptoms on my computer so far. Up to now everything has been running as usual without problems. But since I do home banking fairly often and also place orders on the Internet, I would like to be on the safe side.

Beginne mit der Desinfektion:
D:\GAMERPC\Backup Set 2012-01-02 100253\Backup Files 2012-01-02 100253\Backup files 5.zip
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a69a699.qua' verschoben!
D:\GAMERPC\Backup Set 2012-01-02 100253\Backup Files 2012-01-02 100253\Backup files 32.zip
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52fe8938.qua' verschoben!
D:\GAMERPC\Backup Set 2012-01-02 100253\Backup Files 2012-01-02 100253\Backup files 12.zip
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Downloader.BEO
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00a1d3d1.qua' verschoben!
D:\Downloads-neu\Zotero_win32.zip
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Agent.Gabaeth
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '66899c6a.qua' verschoben!

They were moved to quarantine, and now I would like to ask for advice on how I can remove them permanently and how bad things are overall for my PC.

Step 1 with defogger - Disable - done

Step 2 with OTL - done

OTL.txt
Code:

OTL logfile created on: 29.01.2012 10:21:33 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = Y:\Benutzer-Sarah
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 72,04% Memory free
7,94 Gb Paging File | 5,97 Gb Available in Paging File | 75,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 540,88 Gb Total Space | 484,30 Gb Free Space | 89,54% Space Free | Partition Type: NTFS
Drive D: | 491,34 Gb Total Space | 357,26 Gb Free Space | 72,71% Space Free | Partition Type: NTFS
Drive Y: | 390,62 Gb Total Space | 268,99 Gb Free Space | 68,86% Space Free | Partition Type: NTFS
Drive Z: | 440,17 Gb Total Space | 173,24 Gb Free Space | 39,36% Space Free | Partition Type: NTFS
 
Computer Name: GAMERPC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.16 14:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- Y:\Benutzer-Sarah\OTL.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2011.08.13 13:51:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2011.08.13 13:50:20 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.01 01:07:24 | 000,607,592 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
PRC - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
PRC - [2011.02.14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.05.21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010.05.10 11:14:16 | 000,186,848 | ---- | M] () -- C:\Windows\SysWOW64\WinService.exe
PRC - [2010.03.06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.31 00:01:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2011.12.31 00:01:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011.11.19 11:40:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.11.19 11:40:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll
MOD - [2011.11.19 11:40:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\89933ca5a3d6ecfddac2f276746e939e\IAStorUtil.ni.dll
MOD - [2011.11.19 11:40:38 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.11.19 11:40:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.11.19 11:40:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.11.19 11:40:21 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.11.19 11:40:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.11.19 11:40:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2011.09.15 08:06:40 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.08.13 13:50:20 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2011.02.15 01:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.10.22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.06.02 12:11:24 | 000,380,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe -- (SynoDrService)
SRV - [2010.05.10 11:14:16 | 000,186,848 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\WinService.exe -- (SCM_Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.10 18:39:46 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.12.09 19:08:45 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.15 08:06:33 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.15 08:06:33 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.07.20 13:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.07.20 13:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.06.16 17:10:20 | 000,310,576 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2011.06.16 17:10:20 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011.06.10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.06.10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.06.10 14:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.21 20:28:38 | 000,176,640 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2011.05.21 20:28:28 | 000,230,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.05.19 14:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011.05.10 10:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.04.15 19:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.04.15 19:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.03.17 21:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 21:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.07 10:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.03.07 10:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.03.04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.02.18 07:20:34 | 000,056,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.04.17 18:11:50 | 000,108,032 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010.04.17 18:11:50 | 000,044,544 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010.04.13 14:08:04 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2010.04.13 14:08:04 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2010.04.13 14:08:00 | 000,340,008 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:64bit: - [2010.04.06 13:12:00 | 000,450,048 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)
DRV:64bit: - [2010.02.26 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.28 11:01:36 | 000,385,072 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp3132.sys -- (adp3132)
DRV:64bit: - [2010.01.20 14:48:56 | 000,332,688 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.15 11:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID)
DRV:64bit: - [2009.07.14 19:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.22 17:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial)
DRV:64bit: - [2008.05.22 17:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
DRV:64bit: - [2008.05.22 17:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV:64bit: - [2008.02.20 16:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts)
DRV:64bit: - [2008.02.20 16:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts)
DRV:64bit: - [2008.02.20 16:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial)
DRV:64bit: - [2007.10.12 02:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2007.01.19 02:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.08 17:51:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.31 12:36:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.26 17:49:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.08 17:51:41 | 000,000,000 | ---D | M]
 
[2011.10.07 18:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2011.10.07 18:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.10.07 18:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde}
[2012.01.29 09:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions
[2012.01.06 15:44:13 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions\foxmarks@kei.com
[2011.12.14 00:22:50 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions\My-Translator@eugenche.com
[2011.12.31 12:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.31 12:36:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.31 12:36:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.31 12:36:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.31 12:36:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.31 12:36:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.31 12:36:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.31 12:36:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort14reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.)
O4 - HKCU..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0B9852-81DA-4368-8F04-48EAB596BC8B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell - "" = AutoRun
O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell - "" = AutoRun
O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.29 10:16:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- Y:\Benutzer-Sarah\OTL.exe
[2012.01.29 00:31:53 | 000,000,000 | ---D | C] -- Y:\Benutzer-Sarah\MSC CR
[2012.01.26 21:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.26 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.26 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync
[2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureSync
[2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Jumping Bytes
[2012.01.21 12:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology Data Replicator  3
[2012.01.15 15:24:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Western Digital
[2012.01.10 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt
[2012.01.10 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012.01.10 18:39:46 | 000,230,864 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.01.10 18:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012.01.09 20:32:52 | 000,000,000 | ---D | C] -- Y:\Benutzer-Sarah\Remus
[2012.01.08 11:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JezSoft
[2012.01.08 11:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes Folder Watch
[2012.01.03 19:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Synology
[2012.01.03 19:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
[2012.01.03 19:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology
[2012.01.01 19:45:17 | 000,000,000 | ---D | C] -- C:\iPod Photo Cache
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.29 10:11:17 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2012.01.29 09:43:29 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.29 09:43:29 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.29 09:34:15 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488404166-3565964607-2528217831-1000UA.job
[2012.01.29 09:28:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.29 01:07:18 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.29 01:07:18 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.29 01:07:18 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.29 01:07:18 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.29 01:07:18 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.29 00:31:08 | 000,002,677 | ---- | M] () -- C:\Users\Public\Desktop\iTunes Folder Watch (Manual).lnk
[2012.01.28 19:34:04 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488404166-3565964607-2528217831-1000Core.job
[2012.01.28 10:20:34 | 3197,820,928 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.26 21:04:39 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.24 22:25:33 | 000,001,344 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.01.24 22:20:21 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\PureSync.lnk
[2012.01.21 12:38:41 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Synology Data Replicator 3.lnk
[2012.01.14 21:14:14 | 000,000,045 | -H-- | M] () -- Y:\PP11Thumbs.ptn2
[2012.01.14 21:13:59 | 000,192,524 | -H-- | M] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn
[2012.01.14 21:13:59 | 000,000,316 | -H-- | M] () -- Y:\Benutzer-Sarah\maxdesk.ini2
[2012.01.14 21:13:59 | 000,000,237 | -H-- | M] () -- Y:\Benutzer-Sarah\.ppinfocache
[2012.01.14 21:13:59 | 000,000,103 | -H-- | M] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn2
[2012.01.14 21:13:45 | 000,192,488 | -H-- | M] () -- Y:\PP11Thumbs.ptn
[2012.01.14 21:13:45 | 000,000,111 | -H-- | M] () -- Y:\maxdesk.ini2
[2012.01.14 21:13:34 | 033,411,726 | ---- | M] () -- Y:\Konzip teil 2.pdf
[2012.01.10 18:51:08 | 1073,741,824 | ---- | M] () -- Y:\Sarah_TC.ct
[2012.01.10 18:39:47 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.01.10 18:39:46 | 000,230,864 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.01.09 20:37:20 | 000,000,202 | -H-- | M] () -- Y:\.ppinfocache
[2012.01.09 20:36:29 | 003,117,289 | ---- | M] () -- Y:\Scan_Doc0004.pdf
[2012.01.03 21:31:00 | 006,437,392 | ---- | M] () -- Y:\Benutzer-Sarah\Syno_UsersGuide_NAServer_deu.pdf
[2012.01.03 19:35:19 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Synology Assistant.lnk
[2011.12.31 19:51:27 | 000,205,224 | ---- | M] () -- Y:\Benutzer-Sarah\star-T.jpg
[2011.12.30 20:11:47 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2012.01.29 10:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2012.01.29 10:10:21 | 000,050,477 | ---- | C] () -- Y:\Benutzer-Sarah\Defogger.exe
[2012.01.28 10:37:07 | 000,080,384 | ---- | C] () -- Y:\Benutzer-Sarah\MBRCheck.exe
[2012.01.26 21:04:39 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.21 12:38:41 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Synology Data Replicator 3.lnk
[2012.01.14 21:13:59 | 000,000,316 | -H-- | C] () -- Y:\Benutzer-Sarah\maxdesk.ini2
[2012.01.14 21:13:59 | 000,000,237 | -H-- | C] () -- Y:\Benutzer-Sarah\.ppinfocache
[2012.01.14 21:13:59 | 000,000,103 | -H-- | C] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn2
[2012.01.14 21:13:55 | 000,192,524 | -H-- | C] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn
[2012.01.14 21:11:42 | 033,411,726 | ---- | C] () -- Y:\Konzip teil 2.pdf
[2012.01.10 18:50:59 | 1073,741,824 | ---- | C] () -- Y:\Sarah_TC.ct
[2012.01.10 18:39:47 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.01.09 20:37:20 | 000,000,202 | -H-- | C] () -- Y:\.ppinfocache
[2012.01.09 20:37:19 | 000,000,111 | -H-- | C] () -- Y:\maxdesk.ini2
[2012.01.09 20:36:22 | 000,000,045 | -H-- | C] () -- Y:\PP11Thumbs.ptn2
[2012.01.09 20:36:06 | 003,117,289 | ---- | C] () -- Y:\Scan_Doc0004.pdf
[2012.01.09 20:35:43 | 000,192,488 | -H-- | C] () -- Y:\PP11Thumbs.ptn
[2012.01.08 11:57:56 | 000,002,677 | ---- | C] () -- C:\Users\Public\Desktop\iTunes Folder Watch (Manual).lnk
[2012.01.03 21:30:59 | 006,437,392 | ---- | C] () -- Y:\Benutzer-Sarah\Syno_UsersGuide_NAServer_deu.pdf
[2012.01.03 19:32:31 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Synology Assistant.lnk
[2011.12.31 19:51:25 | 000,205,224 | ---- | C] () -- Y:\Benutzer-Sarah\star-T.jpg
[2011.11.16 19:40:19 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.16 12:04:57 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2011.10.08 17:44:41 | 000,241,149 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.09.28 12:49:18 | 000,186,848 | ---- | C] () -- C:\Windows\SysWow64\WinService.exe
[2011.08.13 13:13:10 | 000,034,481 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009.08.18 08:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012.01.14 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\.oit
[2011.10.16 10:31:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.20 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1
[2011.10.07 18:09:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\conkeror.mozdev.org
[2012.01.28 10:21:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox
[2012.01.24 22:20:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Jumping Bytes
[2011.10.06 13:09:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech
[2011.10.07 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\lingDIALOG
[2011.09.28 14:11:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mirabyte
[2011.11.16 20:46:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Nuance
[2011.09.28 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Opera
[2011.10.07 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ProtectDISC
[2011.10.07 18:07:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird
[2012.01.10 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt
[2011.12.20 20:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Wacom
[2011.12.20 20:15:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011.11.16 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Zeon
[2012.01.06 11:23:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:FD9CE1F3

< End of report >

Extras.txt
Code:

OTL Extras logfile created on: 29.01.2012 10:21:33 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = Y:\Benutzer-Sarah
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 72,04% Memory free
7,94 Gb Paging File | 5,97 Gb Available in Paging File | 75,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 540,88 Gb Total Space | 484,30 Gb Free Space | 89,54% Space Free | Partition Type: NTFS
Drive D: | 491,34 Gb Total Space | 357,26 Gb Free Space | 72,71% Space Free | Partition Type: NTFS
Drive Y: | 390,62 Gb Total Space | 268,99 Gb Free Space | 68,86% Space Free | Partition Type: NTFS
Drive Z: | 440,17 Gb Total Space | 173,24 Gb Free Space | 39,36% Space Free | Partition Type: NTFS
 
Computer Name: GAMERPC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pen Tablet Driver" = Bamboo
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.30
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{042A6F10-F770-4886-A502-B795DCF2D3B5}" = Nuance PDF Viewer Plus
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}" = lingDIALOG
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{153F529B-694F-44D7-8C90-E9036281B3E9}" = PureSync
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F92C742-08BE-9C7A-DF0C-3E1CD06C46C2}" = Sumo Paint Bamboo 2.2
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{450C790A-8C60-4B3D-887E-2124AC823D6D}" = iTunesFolderWatch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator  3
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9607BFD6-A6D4-43C0-8D7B-3D0F84C7EC58}" = Growl iTunes Plug-in
"{960CE333-260D-4887-9785-57E2EEFA287D}" = Nuance PaperPort 14
"{9AC5BB16-8C22-4D5C-9A07-9196183B50C9}_is1" = mirabyte Web Architect 9.5.5
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0839DB3-FBB8-4D14-936F-1D457A088224}" = Bing Bar
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Bamboo Dock" = Bamboo Dock
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1" = Sumo Paint Bamboo 2.2
"Drakensang_is1" = Drakensang
"Grammatiktrainer 5.0 Englisch" = Langenscheidt Grammatiktrainer 5.0 Englisch
"InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}" = lingDIALOG
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird (3.1.8)" = Mozilla Thunderbird (3.1.8)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Opera 11.60.1185" = Opera 11.60
"PDF Blender" = PDF Blender
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PureSync" = PureSync 3.5.0
"Synology Assistant" = Synology Assistant (remove only)
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.11
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.01.2012 20:04:20 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10016
 
Error - 16.01.2012 20:04:21 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.01.2012 20:04:21 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11014
 
Error - 16.01.2012 20:04:21 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11014
 
Error - 16.01.2012 20:04:22 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.01.2012 20:04:22 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012
 
Error - 16.01.2012 20:04:22 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012
 
Error - 17.01.2012 14:42:55 | Computer Name = GamerPC | Source = TabletServicePen | ID = 1
Description =
 
Error - 17.01.2012 14:43:04 | Computer Name = GamerPC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.01.2012 18:15:33 | Computer Name = GamerPC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 15.01.2012 08:13:57 | Computer Name = GamerPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 20.01.2012 02:50:14 | Computer Name = GamerPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 TabletServicePen erreicht.
 
Error - 20.01.2012 02:50:14 | Computer Name = GamerPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TabletServicePen" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 24.01.2012 16:18:33 | Computer Name = GamerPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 TabletServicePen erreicht.
 
Error - 24.01.2012 16:18:33 | Computer Name = GamerPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TabletServicePen" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 24.01.2012 17:10:23 | Computer Name = GamerPC | Source = DCOM | ID = 10016
Description =
 
Error - 24.01.2012 17:12:04 | Computer Name = GamerPC | Source = DCOM | ID = 10016
Description =
 
Error - 24.01.2012 17:12:41 | Computer Name = GamerPC | Source = DCOM | ID = 10016
Description =
 
Error - 24.01.2012 17:12:55 | Computer Name = GamerPC | Source = DCOM | ID = 10016
Description =
 
Error - 24.01.2012 17:13:03 | Computer Name = GamerPC | Source = DCOM | ID = 10016
Description =
 
 
< End of report >

Step 3 - not performed, since this is 64-bit Windows

I would be glad of any help.
Regards, Manyra

cosinus 29.01.2012 20:07

Quote:

D:\Downloads-neu\Zotero_win32.zip
What is that, and what source does it come from?

Manyra 29.01.2012 22:11

Zotero is a program that I use for literature research for my studies.
On my work computer, however, I use an older version, which is a Firefox add-on.
I haven't installed it on my PC at home, and I had been considering trying out the new standalone version. But since it is not compatible with the older Firefox add-on version, I did not install it.
The installation file for the standalone version is therefore sitting unused in the download folder.
It can really only have come from the Zotero website.

That leaves the two other detections:
HTML/Infected.WebPage.Gen2
JS/Downloader.BEO

Others seem to be having problems with the first one as well, but I found almost nothing on Downloader.BEO.

It looks as though several others have had problems with this file. The problem is being discussed in the Zotero forum.


Why does Avira actually find detections in backups and not on the computer itself, where they would have to be?
Incidentally, these are older backups, because back then I didn't yet have an external hard drive for them.

cosinus 30.01.2012 10:21

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Manyra 31.01.2012 08:37

Hello cosinus,

I followed your instructions last night and now have the log files.

Malwarebytes showed no detections
Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.30.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: GAMERPC [Administrator]

Schutz: Aktiviert

30.01.2012 21:15:38
mbam-log-2012-01-30 (21-15-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 601362
Laufzeit: 2 Stunde(n), 41 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

The ESET scan, however, showed 2 detections
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=48568caa9e73a842b18242981c3bfbd5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-31 03:21:47
# local_time=2012-01-31 04:21:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 9298357 9298357 0 0
# compatibility_mode=5893 16776574 100 94 37652136 79600586 0 0
# compatibility_mode=8192 67108863 100 0 3957 3957 0 0
# scanned=411100
# found=2
# cleaned=0
# scan_time=9371
C:\Users\Sarah\AppData\Local\Mozilla\Firefox\Profiles\g2eyt7oz.default\Cache\9\BF\51F5Ad01        HTML/Iframe.B.Gen virus (unable to clean)        00000000000000000000000000000000        I
D:\Downloads-neu\pinboard10_wordpress-template.zip        PHP/Kryptik.AB trojan (unable to clean)        00000000000000000000000000000000        I

Thanks already for your help, but it is probably not over yet.
Regards, Manyra
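The ESET log posted above, parsed and triaged by where each detection sits, as an added Python example that is not part of the original thread. The separator handling, the location categories and all function names are assumptions made here for illustration.

```python
import re
from dataclasses import dataclass

# Excerpt of the ESET Online Scanner log from the post above (header shortened).
# Fields in a detection line are separated by tabs or runs of spaces.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# scanned=411100
# found=2
# cleaned=0
# scan_time=9371
C:\Users\Sarah\AppData\Local\Mozilla\Firefox\Profiles\g2eyt7oz.default\Cache\9\BF\51F5Ad01        HTML/Iframe.B.Gen virus (unable to clean)        00000000000000000000000000000000        I
D:\Downloads-neu\pinboard10_wordpress-template.zip        PHP/Kryptik.AB trojan (unable to clean)        00000000000000000000000000000000        I
"""

HEADER = re.compile(r"^#\s*([\w.]+)=(.*)$")          # "# key=value" lines
FIELD_SEP = re.compile(r"\t+| {2,}")                  # tab or 2+ spaces
THREAT = re.compile(r"^(\S+)\s+([^()]+?)\s*(?:\(([^)]*)\))?$")
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".cab")


@dataclass
class Detection:
    path: str
    threat: str     # e.g. HTML/Iframe.B.Gen
    kind: str       # e.g. virus, trojan
    action: str     # e.g. "unable to clean"
    location: str   # category assigned by classify_location()


def classify_location(path):
    """Heuristic (an assumption of this example): where the flagged object sits."""
    p = path.lower()
    if "\\cache\\" in p or "temporary internet files" in p:
        return "browser-cache"
    if p.endswith(ARCHIVE_EXT):
        return "archive"
    return "file"


def parse_eset_log(text):
    """Return (header dict, list of Detection) from an ESET Online Scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        fields = FIELD_SEP.split(line)
        if len(fields) < 2:
            continue  # banner lines such as "all ok" carry no detection
        t = THREAT.match(fields[1])
        if t:
            name, kind, action = t.group(1), t.group(2), t.group(3) or ""
        else:
            name, kind, action = fields[1], "", ""
        detections.append(
            Detection(fields[0], name, kind, action, classify_location(fields[0]))
        )
    return header, detections


def summarize(header, detections):
    """Cross-check the header counters against the parsed detection lines."""
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    by_location = {}
    for d in detections:
        by_location.setdefault(d.location, []).append(d.threat)
    return {
        "count_matches_header": found == len(detections),
        "still_on_disk": found - cleaned,
        "by_location": by_location,
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for d in dets:
        print(f"{d.location:14} {d.threat:20} {d.kind:8} {d.action:18} {d.path}")
    print(summarize(hdr, dets))
```

With `cleaned=0` in the header, both objects are still on disk after the scan.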

cosinus 31.01.2012 09:14

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, all the logs for each scan are also listed in the Logs tab. Please post all that are visible there.

Manyra 31.01.2012 21:13

That was my first scan with Malwarebytes. There are 3 txt files among the log files. I can paste them here for you again.

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.30.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: GAMERPC [Administrator]

Schutz: Aktiviert

30.01.2012 21:15:38
mbam-log-2012-01-30 (21-15-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 601362
Laufzeit: 2 Stunde(n), 41 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

2012/01/31 01:35:55 +0100        GAMERPC        Sarah        MESSAGE        Stopping IP protection
2012/01/31 01:36:17 +0100        GAMERPC        Sarah        MESSAGE        IP Protection stopped
2012/01/31 06:22:57 +0100        GAMERPC        Sarah        MESSAGE        Executing scheduled update:  Daily
2012/01/31 06:23:55 +0100        GAMERPC        Sarah        MESSAGE        Starting database refresh
2012/01/31 06:23:55 +0100        GAMERPC        Sarah        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.01.30.03 to version v2012.01.31.02
2012/01/31 06:23:56 +0100        GAMERPC        Sarah        MESSAGE        Database refreshed successfully
2012/01/31 21:04:44 +0100        GAMERPC        Sarah        MESSAGE        Starting protection
2012/01/31 21:04:46 +0100        GAMERPC        Sarah        MESSAGE        Protection started successfully
2012/01/31 21:04:49 +0100        GAMERPC        Sarah        MESSAGE        Starting IP protection
2012/01/31 21:04:50 +0100        GAMERPC        Sarah        MESSAGE        IP Protection started successfully
2012/01/31 21:08:55 +0100        GAMERPC        Sarah        MESSAGE        Starting database refresh
2012/01/31 21:08:55 +0100        GAMERPC        Sarah        MESSAGE        Stopping IP protection
2012/01/31 21:09:18 +0100        GAMERPC        Sarah        MESSAGE        IP Protection stopped
2012/01/31 21:09:19 +0100        GAMERPC        Sarah        MESSAGE        Database refreshed successfully
2012/01/31 21:09:19 +0100        GAMERPC        Sarah        MESSAGE        Starting IP protection
2012/01/31 21:09:20 +0100        GAMERPC        Sarah        MESSAGE        IP Protection started successfully

Code:

2012/01/30 21:13:36 +0100        GAMERPC        Sarah        MESSAGE        Starting protection
2012/01/30 21:13:37 +0100        GAMERPC        Sarah        MESSAGE        Protection started successfully
2012/01/30 21:13:40 +0100        GAMERPC        Sarah        MESSAGE        Starting IP protection
2012/01/30 21:13:41 +0100        GAMERPC        Sarah        MESSAGE        IP Protection started successfully
2012/01/30 21:26:34 +0100        GAMERPC        Sarah        MESSAGE        Executing scheduled update:  Daily
2012/01/30 21:26:35 +0100        GAMERPC        Sarah        MESSAGE        Database already up-to-date

I just clicked on update again and there was a new update. I could run another scan tonight.

cosinus 31.01.2012 21:53

Please create a new OTL log. Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Manyra 31.01.2012 22:58

Okay, I did the OTL Quick Scan and pasted the code you posted into the field for custom scans/fixes.

The OTL.txt is attached, since it far exceeds the maximum character limit.

cosinus 01.02.2012 10:59

Quote:

========== Custom Scans ==========


< OTL logfile created on: 31.01.2012 22:33:21 - Run 2 >

< OTL by OldTimer - Version 3.2.31.0 Folder = Y:\Benutzer-Sarah >

< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]
Sorry, but you really do have to pay attention and make sure that nothing random gets pasted into OTL's text field.
You have to copy the script text I posted into OTL, but you mustn't put a log file in there yourself!

Manyra 02.02.2012 08:56

I really made a fool of myself there :headbang:

Today I'll try it before work and well rested.

Here now is the OTL.txt after the scan with your script text.

Code:

OTL logfile created on: 02.02.2012 08:40:45 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = Y:\Benutzer-Sarah
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,09% Memory free
7,94 Gb Paging File | 6,21 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 540,88 Gb Total Space | 483,18 Gb Free Space | 89,33% Space Free | Partition Type: NTFS
Drive D: | 491,34 Gb Total Space | 357,26 Gb Free Space | 72,71% Space Free | Partition Type: NTFS
Drive Y: | 390,62 Gb Total Space | 268,64 Gb Free Space | 68,77% Space Free | Partition Type: NTFS
Drive Z: | 440,17 Gb Total Space | 173,12 Gb Free Space | 39,33% Space Free | Partition Type: NTFS
 
Computer Name: GAMERPC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.12 17:57:30 | 000,837,696 | ---- | M] (Jumping Bytes) -- C:\Program Files (x86)\PureSync\PureSyncTray.exe
PRC - [2011.10.16 14:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- Y:\Benutzer-Sarah\OTL.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2011.08.13 13:51:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2011.08.13 13:50:20 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.01 01:07:24 | 000,607,592 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
PRC - [2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
PRC - [2011.02.14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.05.21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010.05.10 11:14:16 | 000,186,848 | ---- | M] () -- C:\Windows\SysWOW64\WinService.exe
PRC - [2010.03.06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.31 00:01:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2011.12.31 00:01:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011.11.19 11:40:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.11.19 11:40:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll
MOD - [2011.11.19 11:40:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\89933ca5a3d6ecfddac2f276746e939e\IAStorUtil.ni.dll
MOD - [2011.11.19 11:40:38 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.11.19 11:40:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.11.19 11:40:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.11.19 11:40:21 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.11.19 11:40:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.11.19 11:40:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2011.09.15 08:06:40 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.08.13 13:50:20 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2011.02.15 01:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.10.22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.06.02 12:11:24 | 000,380,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe -- (SynoDrService)
SRV - [2010.05.10 11:14:16 | 000,186,848 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\WinService.exe -- (SCM_Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.10 18:39:46 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.09 19:08:45 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.15 08:06:33 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.15 08:06:33 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.07.20 13:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011.07.20 13:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011.06.16 17:10:20 | 000,310,576 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2011.06.16 17:10:20 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011.06.10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.06.10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.06.10 14:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.21 20:28:38 | 000,176,640 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2011.05.21 20:28:28 | 000,230,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.05.19 14:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011.05.10 10:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.04.15 19:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.04.15 19:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.03.17 21:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 21:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.07 10:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.03.07 10:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.03.04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.02.18 07:20:34 | 000,056,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.04.17 18:11:50 | 000,108,032 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010.04.17 18:11:50 | 000,044,544 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010.04.13 14:08:04 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2010.04.13 14:08:04 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2010.04.13 14:08:00 | 000,340,008 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:64bit: - [2010.04.06 13:12:00 | 000,450,048 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)
DRV:64bit: - [2010.02.26 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.28 11:01:36 | 000,385,072 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp3132.sys -- (adp3132)
DRV:64bit: - [2010.01.20 14:48:56 | 000,332,688 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.15 11:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID)
DRV:64bit: - [2009.07.14 19:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.22 17:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial)
DRV:64bit: - [2008.05.22 17:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
DRV:64bit: - [2008.05.22 17:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV:64bit: - [2008.02.20 16:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts)
DRV:64bit: - [2008.02.20 16:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts)
DRV:64bit: - [2008.02.20 16:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial)
DRV:64bit: - [2007.10.12 02:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2007.01.19 02:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.08 17:51:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.31 12:36:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.26 17:49:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.08 17:51:41 | 000,000,000 | ---D | M]
 
[2011.10.07 18:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2011.10.07 18:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.10.07 18:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde}
[2012.01.29 09:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions
[2012.01.06 15:44:13 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions\foxmarks@kei.com
[2011.12.14 00:22:50 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions\My-Translator@eugenche.com
[2011.12.31 12:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.31 12:36:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.31 12:36:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.31 12:36:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.31 12:36:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.31 12:36:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.31 12:36:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.31 12:36:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort14reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.)
O4 - HKCU..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0B9852-81DA-4368-8F04-48EAB596BC8B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell - "" = AutoRun
O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell - "" = AutoRun
O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk - C:\PROGRA~2\NETGEAR\WG111v2\WG111v2.exe - ()
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: PaperPortAnywhere - hkey= - key= - C:\Program Files (x86)\Nuance\PaperPort Anywhere\PaperPortAnywhere.exe (OfficeDrop)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.31 22:28:48 | 000,000,000 | ---D | C] -- Y:\Benutzer-Sarah\Archiv
[2012.01.31 01:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.31 01:38:04 | 002,322,184 | ---- | C] (ESET) -- Y:\Benutzer-Sarah\esetsmartinstaller_enu.exe
[2012.01.30 21:11:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2012.01.30 21:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.30 21:11:37 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.30 21:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.30 21:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.30 21:06:07 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- Y:\Benutzer-Sarah\mbam-setup-1.60.0.1800.exe
[2012.01.29 10:16:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- Y:\Benutzer-Sarah\OTL.exe
[2012.01.29 00:31:53 | 000,000,000 | ---D | C] -- Y:\Benutzer-Sarah\MSC CR
[2012.01.26 21:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.26 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.26 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync
[2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureSync
[2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Jumping Bytes
[2012.01.21 12:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology Data Replicator  3
[2012.01.15 15:24:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Western Digital
[2012.01.10 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt
[2012.01.10 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012.01.10 18:39:46 | 000,230,864 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.01.10 18:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012.01.09 20:32:52 | 000,000,000 | ---D | C] -- Y:\Benutzer-Sarah\Remus
[2012.01.08 11:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JezSoft
[2012.01.08 11:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes Folder Watch
[2012.01.03 19:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Synology
[2012.01.03 19:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
[2012.01.03 19:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.02 08:39:11 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488404166-3565964607-2528217831-1000UA.job
[2012.02.02 08:33:19 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.02 08:33:19 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.02 08:25:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.02 08:25:06 | 3197,820,928 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.31 22:50:01 | 000,028,023 | ---- | M] () -- Y:\Benutzer-Sarah\OTL.zip
[2012.01.31 06:39:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488404166-3565964607-2528217831-1000Core.job
[2012.01.30 21:11:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.30 21:10:12 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.30 21:10:12 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.30 21:10:12 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.30 21:10:12 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.30 21:10:12 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.30 21:05:06 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- Y:\Benutzer-Sarah\mbam-setup-1.60.0.1800.exe
[2012.01.29 10:11:17 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2012.01.29 00:31:08 | 000,002,677 | ---- | M] () -- C:\Users\Public\Desktop\iTunes Folder Watch (Manual).lnk
[2012.01.26 21:04:39 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.24 22:25:33 | 000,001,344 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.01.24 22:20:21 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\PureSync.lnk
[2012.01.21 12:38:41 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Synology Data Replicator 3.lnk
[2012.01.14 21:14:14 | 000,000,045 | -H-- | M] () -- Y:\PP11Thumbs.ptn2
[2012.01.14 21:13:59 | 000,192,524 | -H-- | M] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn
[2012.01.14 21:13:59 | 000,000,316 | -H-- | M] () -- Y:\Benutzer-Sarah\maxdesk.ini2
[2012.01.14 21:13:59 | 000,000,237 | -H-- | M] () -- Y:\Benutzer-Sarah\.ppinfocache
[2012.01.14 21:13:59 | 000,000,103 | -H-- | M] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn2
[2012.01.14 21:13:45 | 000,192,488 | -H-- | M] () -- Y:\PP11Thumbs.ptn
[2012.01.14 21:13:45 | 000,000,111 | -H-- | M] () -- Y:\maxdesk.ini2
[2012.01.14 21:13:34 | 033,411,726 | ---- | M] () -- Y:\Konzip teil 2.pdf
[2012.01.10 18:51:08 | 1073,741,824 | ---- | M] () -- Y:\Sarah_TC.ct
[2012.01.10 18:39:47 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.01.10 18:39:46 | 000,230,864 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.01.09 20:37:20 | 000,000,202 | -H-- | M] () -- Y:\.ppinfocache
[2012.01.09 20:36:29 | 003,117,289 | ---- | M] () -- Y:\Scan_Doc0004.pdf
[2012.01.03 21:31:00 | 006,437,392 | ---- | M] () -- Y:\Benutzer-Sarah\Syno_UsersGuide_NAServer_deu.pdf
[2012.01.03 19:35:19 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Synology Assistant.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.31 22:50:01 | 000,028,023 | ---- | C] () -- Y:\Benutzer-Sarah\OTL.zip
[2012.01.30 21:11:38 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.29 10:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2012.01.29 10:10:21 | 000,050,477 | ---- | C] () -- Y:\Benutzer-Sarah\Defogger.exe
[2012.01.28 10:37:07 | 000,080,384 | ---- | C] () -- Y:\Benutzer-Sarah\MBRCheck.exe
[2012.01.26 21:04:39 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.21 12:38:41 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Synology Data Replicator 3.lnk
[2012.01.14 21:13:59 | 000,000,316 | -H-- | C] () -- Y:\Benutzer-Sarah\maxdesk.ini2
[2012.01.14 21:13:59 | 000,000,237 | -H-- | C] () -- Y:\Benutzer-Sarah\.ppinfocache
[2012.01.14 21:13:59 | 000,000,103 | -H-- | C] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn2
[2012.01.14 21:13:55 | 000,192,524 | -H-- | C] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn
[2012.01.14 21:11:42 | 033,411,726 | ---- | C] () -- Y:\Konzip teil 2.pdf
[2012.01.10 18:50:59 | 1073,741,824 | ---- | C] () -- Y:\Sarah_TC.ct
[2012.01.10 18:39:47 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.01.09 20:37:20 | 000,000,202 | -H-- | C] () -- Y:\.ppinfocache
[2012.01.09 20:37:19 | 000,000,111 | -H-- | C] () -- Y:\maxdesk.ini2
[2012.01.09 20:36:22 | 000,000,045 | -H-- | C] () -- Y:\PP11Thumbs.ptn2
[2012.01.09 20:36:06 | 003,117,289 | ---- | C] () -- Y:\Scan_Doc0004.pdf
[2012.01.09 20:35:43 | 000,192,488 | -H-- | C] () -- Y:\PP11Thumbs.ptn
[2012.01.08 11:57:56 | 000,002,677 | ---- | C] () -- C:\Users\Public\Desktop\iTunes Folder Watch (Manual).lnk
[2012.01.03 21:30:59 | 006,437,392 | ---- | C] () -- Y:\Benutzer-Sarah\Syno_UsersGuide_NAServer_deu.pdf
[2012.01.03 19:32:31 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Synology Assistant.lnk
[2011.11.16 19:40:19 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.16 12:04:57 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2011.10.08 17:44:41 | 000,241,149 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.09.28 12:49:18 | 000,186,848 | ---- | C] () -- C:\Windows\SysWow64\WinService.exe
[2011.08.13 13:13:10 | 000,034,481 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009.08.18 08:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012.01.14 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\.oit
[2011.10.16 10:31:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.20 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1
[2011.10.07 18:09:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\conkeror.mozdev.org
[2012.02.02 08:25:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox
[2012.01.24 22:20:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Jumping Bytes
[2011.10.06 13:09:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech
[2011.10.07 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\lingDIALOG
[2011.09.28 14:11:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mirabyte
[2011.11.16 20:46:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Nuance
[2011.09.28 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Opera
[2011.10.07 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ProtectDISC
[2011.10.07 18:07:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird
[2012.01.10 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt
[2011.12.20 20:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Wacom
[2011.12.20 20:15:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011.11.16 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Zeon
[2012.01.06 11:23:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.14 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\.oit
[2011.10.02 08:49:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Adobe
[2011.12.27 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Apple Computer
[2011.10.15 10:53:24 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Avira
[2011.10.16 10:31:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.20 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1
[2011.10.07 18:09:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\conkeror.mozdev.org
[2012.02.02 08:25:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox
[2011.11.16 21:32:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FLEXnet
[2011.10.08 19:27:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\HP
[2012.01.01 14:06:17 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\HpUpdate
[2011.09.28 12:02:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Identities
[2011.09.28 12:49:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\InstallShield
[2011.09.28 12:02:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Intel Corporation
[2012.01.24 22:20:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Jumping Bytes
[2011.10.06 13:09:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech
[2011.10.07 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\lingDIALOG
[2011.10.06 12:26:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Logishrd
[2011.10.06 13:15:01 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Logitech
[2011.09.28 15:04:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Macromedia
[2012.01.30 21:11:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2010.11.21 08:00:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Media Center Programs
[2012.01.01 18:21:59 | 000,000,000 | --SD | M] -- C:\Users\Sarah\AppData\Roaming\Microsoft
[2011.09.28 14:11:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mirabyte
[2011.09.28 12:20:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla
[2011.11.16 20:46:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Nuance
[2011.09.28 21:29:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\NVIDIA
[2011.09.28 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Opera
[2011.10.07 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ProtectDISC
[2011.10.07 18:07:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird
[2012.01.10 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt
[2011.10.01 13:27:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\vlc
[2011.12.20 20:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Wacom
[2011.12.20 20:15:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011.12.20 20:10:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WTablet
[2011.11.16 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 21:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.12.20 20:21:36 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Sarah\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.06 13:09:27 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.12.24 22:51:11 | 000,010,134 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys
[2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_b8d31a7001998667\iaStor.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2009.07.14 02:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\scrrun.dll
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:FD9CE1F3

< End of report >


cosinus 02.02.2012 16:27

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell - "" = AutoRun
O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell - "" = AutoRun
O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell\AutoRun\command - "" = J:\AutoRun.exe
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:FD9CE1F3
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Manyra 03.02.2012 09:37

I ran the fix. After OTL finished, a restart was required. Windows got stuck while logging off. After the log-off screen had been showing for 5 minutes and the computer was not making any working noises either, I switched it off manually.
It then booted normally again, only with the notice that Windows had not been shut down properly. I started it in normal mode.

After booting, the new OTL.txt was displayed

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09471378-3f72-11e1-b442-6c626d3b67fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09471378-3f72-11e1-b442-6c626d3b67fb}\ not found.
File "L:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\ not found.
File J:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:FD9CE1F3 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sarah
->Temp folder emptied: 265251073 bytes
->Temporary Internet Files folder emptied: 234542330 bytes
->Java cache emptied: 22548025 bytes
->FireFox cache emptied: 1056224354 bytes
->Google Chrome cache emptied: 13554609 bytes
->Opera cache emptied: 924445 bytes
->Flash cache emptied: 81464 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 196073176 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 17580832470 bytes
 
Total Files Cleaned = 18.473,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02032012_090809

Files\Folders moved on Reboot...
C:\Users\Sarah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


cosinus 03.02.2012 12:35

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Manyra 04.02.2012 10:16

Finally, the weekend :)

I ran Kaspersky's TDSSKiller following your instructions and there were no findings.

Code:

10:12:15.0190 4036        TDSS rootkit removing tool 2.7.9.0 Feb  1 2012 09:28:49
10:12:15.0378 4036        ============================================================
10:12:15.0378 4036        Current date / time: 2012/02/04 10:12:15.0378
10:12:15.0378 4036        SystemInfo:
10:12:15.0378 4036       
10:12:15.0378 4036        OS Version: 6.1.7601 ServicePack: 1.0
10:12:15.0378 4036        Product type: Workstation
10:12:15.0378 4036        ComputerName: GAMERPC
10:12:15.0378 4036        UserName: Sarah
10:12:15.0378 4036        Windows directory: C:\Windows
10:12:15.0378 4036        System windows directory: C:\Windows
10:12:15.0378 4036        Running under WOW64
10:12:15.0378 4036        Processor architecture: Intel x64
10:12:15.0378 4036        Number of processors: 4
10:12:15.0378 4036        Page size: 0x1000
10:12:15.0378 4036        Boot type: Normal boot
10:12:15.0378 4036        ============================================================
10:12:16.0133 4036        Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:12:16.0154 4036        \Device\Harddisk0\DR0:
10:12:16.0154 4036        MBR used
10:12:16.0154 4036        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x439C3000
10:12:16.0195 4036        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x439C4000, BlocksNum 0x30D3F000
10:12:16.0195 4036        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x74703800, BlocksNum 0x3D6AF000
10:12:16.0195 4036        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xB1DB3000, BlocksNum 0x37054800
10:12:16.0387 4036        Initialize success
10:12:16.0387 4036        ============================================================
10:12:56.0737 2908        ============================================================
10:12:56.0737 2908        Scan started
10:12:56.0737 2908        Mode: Manual; SigCheck; TDLFS;
10:12:56.0737 2908        ============================================================
10:13:06.0099 2908        LMouFilt        (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:13:06.0106 2908        LMouFilt - ok
10:13:06.0136 2908        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:13:06.0145 2908        LSI_FC - ok
10:13:06.0159 2908        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:13:06.0168 2908        LSI_SAS - ok
10:13:06.0180 2908        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:13:06.0189 2908        LSI_SAS2 - ok
10:13:06.0204 2908        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:13:06.0213 2908        LSI_SCSI - ok
10:13:06.0238 2908        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:13:06.0276 2908        luafv - ok
10:13:06.0344 2908        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
10:13:06.0355 2908        MBAMProtector - ok
10:13:06.0386 2908        MBfilt          (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
10:13:06.0395 2908        MBfilt - ok
10:13:06.0414 2908        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:13:06.0429 2908        megasas - ok
10:13:06.0446 2908        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:13:06.0468 2908        MegaSR - ok
10:13:06.0490 2908        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:13:06.0528 2908        Modem - ok
10:13:06.0563 2908        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:13:06.0594 2908        monitor - ok
10:13:06.0611 2908        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:13:06.0626 2908        mouclass - ok
10:13:06.0656 2908        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:13:06.0701 2908        mouhid - ok
10:13:06.0736 2908        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:13:06.0748 2908        mountmgr - ok
10:13:06.0763 2908        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:13:06.0781 2908        mpio - ok
10:13:06.0798 2908        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:13:06.0850 2908        mpsdrv - ok
10:13:06.0872 2908        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:13:06.0899 2908        MRxDAV - ok
10:13:06.0951 2908        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:13:07.0055 2908        mrxsmb - ok
10:13:07.0075 2908        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:13:07.0099 2908        mrxsmb10 - ok
10:13:07.0107 2908        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:13:07.0119 2908        mrxsmb20 - ok
10:13:07.0130 2908        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:13:07.0138 2908        msahci - ok
10:13:07.0155 2908        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:13:07.0165 2908        msdsm - ok
10:13:07.0186 2908        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:13:07.0250 2908        Msfs - ok
10:13:07.0281 2908        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:13:07.0329 2908        mshidkmdf - ok
10:13:07.0350 2908        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:13:07.0358 2908        msisadrv - ok
10:13:07.0395 2908        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:13:07.0418 2908        MSKSSRV - ok
10:13:07.0430 2908        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:13:07.0476 2908        MSPCLOCK - ok
10:13:07.0488 2908        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:13:07.0545 2908        MSPQM - ok
10:13:07.0566 2908        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:13:07.0580 2908        MsRPC - ok
10:13:07.0601 2908        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:13:07.0606 2908        mssmbios - ok
10:13:07.0635 2908        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:13:07.0663 2908        MSTEE - ok
10:13:07.0685 2908        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:13:07.0700 2908        MTConfig - ok
10:13:07.0751 2908        MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\drivers\ASACPI.sys
10:13:07.0762 2908        MTsensor - ok
10:13:07.0798 2908        MtsHID          (07ad6825d5c658595cab7f8f5849401c) C:\Windows\system32\drivers\MtsHID.sys
10:13:07.0810 2908        MtsHID - ok
10:13:07.0819 2908        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:13:07.0833 2908        Mup - ok
10:13:07.0839 2908        mv91cons        (3f70e83c6a9f617d649a82149d337724) C:\Windows\system32\drivers\mv91cons.sys
10:13:07.0846 2908        mv91cons - ok
10:13:07.0861 2908        mv91xx          (611ebe534df049ad9413552fa81ecf75) C:\Windows\system32\drivers\mv91xx.sys
10:13:07.0894 2908        mv91xx - ok
10:13:07.0932 2908        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:13:07.0968 2908        NativeWifiP - ok
10:13:08.0042 2908        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:13:08.0073 2908        NDIS - ok
10:13:08.0108 2908        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:13:08.0152 2908        NdisCap - ok
10:13:08.0173 2908        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:13:08.0317 2908        NdisTapi - ok
10:13:08.0352 2908        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:13:08.0377 2908        Ndisuio - ok
10:13:08.0400 2908        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:13:08.0436 2908        NdisWan - ok
10:13:08.0460 2908        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:13:08.0495 2908        NDProxy - ok
10:13:08.0524 2908        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:13:08.0588 2908        NetBIOS - ok
10:13:08.0608 2908        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:13:08.0631 2908        NetBT - ok
10:13:08.0688 2908        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:13:08.0703 2908        nfrd960 - ok
10:13:08.0711 2908        NmPar - ok
10:13:08.0718 2908        nmserial - ok
10:13:08.0733 2908        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:13:08.0776 2908        Npfs - ok
10:13:08.0818 2908        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:13:08.0877 2908        nsiproxy - ok
10:13:08.0927 2908        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:13:08.0967 2908        Ntfs - ok
10:13:08.0979 2908        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:13:09.0014 2908        Null - ok
10:13:09.0062 2908        nusb3hub        (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys
10:13:09.0140 2908        nusb3hub - ok
10:13:09.0163 2908        nusb3xhc        (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:13:09.0234 2908        nusb3xhc - ok
10:13:09.0246 2908        nvamacpi        (7fd5c060cb907489a5702f628226f54a) C:\Windows\system32\drivers\NVAMACPI.sys
10:13:09.0258 2908        nvamacpi - ok
10:13:09.0297 2908        NVHDA          (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
10:13:09.0314 2908        NVHDA - ok
10:13:09.0545 2908        nvlddmkm        (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:13:09.0683 2908        nvlddmkm - ok
10:13:09.0744 2908        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:13:09.0763 2908        nvraid - ok
10:13:09.0779 2908        nvrd64          (694f5e9d9d624d47f432f5b2e66a0528) C:\Windows\system32\drivers\nvrd64.sys
10:13:09.0796 2908        nvrd64 - ok
10:13:09.0813 2908        nvsmu          (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\drivers\nvsmu.sys
10:13:09.0825 2908        nvsmu - ok
10:13:09.0847 2908        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:13:09.0866 2908        nvstor - ok
10:13:09.0903 2908        nvstor64        (05de5dc43afe6cab78f9c7ca044cbcbe) C:\Windows\system32\drivers\nvstor64.sys
10:13:09.0923 2908        nvstor64 - ok
10:13:09.0966 2908        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:13:09.0984 2908        nv_agp - ok
10:13:10.0006 2908        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:13:10.0029 2908        ohci1394 - ok
10:13:10.0076 2908        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:13:10.0107 2908        Parport - ok
10:13:10.0129 2908        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:13:10.0145 2908        partmgr - ok
10:13:10.0179 2908        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:13:10.0197 2908        pci - ok
10:13:10.0250 2908        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:13:10.0263 2908        pciide - ok
10:13:10.0304 2908        PciIsaSerial    (d7c203015e2c2a2eac8dacef156d8dc3) C:\Windows\system32\drivers\PciIsaSerial.sys
10:13:10.0374 2908        PciIsaSerial - ok
10:13:10.0395 2908        PciPPorts      (088b509b2f35a3cee00ac0e0bc4c5bed) C:\Windows\system32\drivers\PciPPorts.sys
10:13:10.0447 2908        PciPPorts - ok
10:13:10.0457 2908        PciSPorts      (7f97cdd5e91fc73da2b01344957aa058) C:\Windows\system32\drivers\PciSPorts.sys
10:13:10.0498 2908        PciSPorts - ok
10:13:10.0537 2908        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:13:10.0559 2908        pcmcia - ok
10:13:10.0583 2908        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:13:10.0598 2908        pcw - ok
10:13:10.0661 2908        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:13:10.0745 2908        PEAUTH - ok
10:13:10.0794 2908        PPorts          (14c04684a25c221ebe2105d169b4b6ff) C:\Windows\system32\drivers\PPorts.sys
10:13:10.0808 2908        PPorts - ok
10:13:10.0835 2908        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:13:10.0900 2908        PptpMiniport - ok
10:13:10.0921 2908        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:13:10.0937 2908        Processor - ok
10:13:10.0960 2908        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:13:10.0991 2908        Psched - ok
10:13:11.0026 2908        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:13:11.0057 2908        ql2300 - ok
10:13:11.0082 2908        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:13:11.0093 2908        ql40xx - ok
10:13:11.0100 2908        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:13:11.0113 2908        QWAVEdrv - ok
10:13:11.0133 2908        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:13:11.0157 2908        RasAcd - ok
10:13:11.0189 2908        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:13:11.0229 2908        RasAgileVpn - ok
10:13:11.0247 2908        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:13:11.0273 2908        Rasl2tp - ok
10:13:11.0288 2908        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:13:11.0343 2908        RasPppoe - ok
10:13:11.0385 2908        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:13:11.0425 2908        RasSstp - ok
10:13:11.0441 2908        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:13:11.0470 2908        rdbss - ok
10:13:11.0488 2908        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:13:11.0506 2908        rdpbus - ok
10:13:11.0517 2908        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:13:11.0539 2908        RDPCDD - ok
10:13:11.0554 2908        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:13:11.0585 2908        RDPENCDD - ok
10:13:11.0624 2908        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:13:11.0646 2908        RDPREFMP - ok
10:13:11.0669 2908        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:13:11.0696 2908        RDPWD - ok
10:13:11.0737 2908        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:13:11.0759 2908        rdyboost - ok
10:13:11.0778 2908        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:13:11.0825 2908        rspndr - ok
10:13:11.0910 2908        RTL8167        (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:13:11.0932 2908        RTL8167 - ok
10:13:11.0984 2908        RTL8187        (d4af0298e0031aeed81b241ff56e95d1) C:\Windows\system32\DRIVERS\wg111v2.sys
10:13:12.0025 2908        RTL8187 - ok
10:13:12.0041 2908        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:13:12.0059 2908        sbp2port - ok
10:13:12.0079 2908        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:13:12.0127 2908        scfilter - ok
10:13:12.0181 2908        SCMNdisP        (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
10:13:12.0193 2908        SCMNdisP - ok
10:13:12.0225 2908        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:13:12.0265 2908        secdrv - ok
10:13:12.0309 2908        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:13:12.0336 2908        Serenum - ok
10:13:12.0370 2908        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:13:12.0402 2908        Serial - ok
10:13:12.0419 2908        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:13:12.0446 2908        sermouse - ok
10:13:12.0474 2908        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:13:12.0492 2908        sffdisk - ok
10:13:12.0499 2908        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:13:12.0523 2908        sffp_mmc - ok
10:13:12.0536 2908        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:13:12.0564 2908        sffp_sd - ok
10:13:12.0572 2908        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:13:12.0592 2908        sfloppy - ok
10:13:12.0629 2908        Si3124r5        (da492c8305434ec6f9bdd60c8b83b10e) C:\Windows\system32\drivers\Si3124r5.sys
10:13:12.0655 2908        Si3124r5 - ok
10:13:12.0681 2908        SiFilter        (8d10887a1699cf61e74467694b929b09) C:\Windows\system32\drivers\SiWinAcc.sys
10:13:12.0692 2908        SiFilter - ok
10:13:12.0711 2908        SiRemFil        (94e1eda9a0b305a67ee1bbd0a68ce21a) C:\Windows\system32\drivers\SiRemFil.sys
10:13:12.0722 2908        SiRemFil - ok
10:13:12.0757 2908        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:13:12.0772 2908        SiSRaid2 - ok
10:13:12.0789 2908        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:13:12.0803 2908        SiSRaid4 - ok
10:13:12.0824 2908        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:13:12.0867 2908        Smb - ok
10:13:12.0893 2908        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:13:12.0900 2908        spldr - ok
10:13:12.0922 2908        SPorts          (739c2571867f351167d1d958990e9d84) C:\Windows\system32\drivers\SPorts.sys
10:13:12.0948 2908        SPorts - ok
10:13:12.0993 2908        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:13:13.0025 2908        srv - ok
10:13:13.0044 2908        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:13:13.0095 2908        srv2 - ok
10:13:13.0153 2908        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:13:13.0202 2908        srvnet - ok
10:13:13.0220 2908        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:13:13.0250 2908        stexstor - ok
10:13:13.0262 2908        StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
10:13:13.0308 2908        StillCam - ok
10:13:13.0333 2908        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:13:13.0340 2908        swenum - ok
10:13:13.0471 2908        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:13:13.0528 2908        Tcpip - ok
10:13:13.0551 2908        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:13:13.0575 2908        TCPIP6 - ok
10:13:13.0595 2908        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:13:13.0629 2908        tcpipreg - ok
10:13:13.0650 2908        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:13:13.0673 2908        TDPIPE - ok
10:13:13.0693 2908        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:13:13.0717 2908        TDTCP - ok
10:13:13.0753 2908        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:13:13.0778 2908        tdx - ok
10:13:13.0797 2908        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
10:13:13.0805 2908        TermDD - ok
10:13:13.0816 2908        tihub3          (68fe3d89829e27d4fd5eea7bd2c41985) C:\Windows\system32\drivers\tihub3.sys
10:13:13.0825 2908        tihub3 - ok
10:13:13.0869 2908        tixhci          (0102c9633ce1f18a6ac021f28b734db5) C:\Windows\system32\drivers\tixhci.sys
10:13:13.0892 2908        tixhci - ok
10:13:13.0925 2908        truecrypt      (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
10:13:13.0936 2908        truecrypt - ok
10:13:13.0990 2908        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:13:14.0051 2908        tssecsrv - ok
10:13:14.0073 2908        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:13:14.0134 2908        TsUsbFlt - ok
10:13:14.0143 2908        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:13:14.0166 2908        TsUsbGD - ok
10:13:14.0226 2908        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:13:14.0291 2908        tunnel - ok
10:13:14.0299 2908        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:13:14.0309 2908        uagp35 - ok
10:13:14.0332 2908        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:13:14.0374 2908        udfs - ok
10:13:14.0424 2908        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:13:14.0438 2908        uliagpkx - ok
10:13:14.0454 2908        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:13:14.0500 2908        umbus - ok
10:13:14.0537 2908        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:13:14.0569 2908        UmPass - ok
10:13:14.0618 2908        USBAAPL64      (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:13:14.0673 2908        USBAAPL64 - ok
10:13:14.0702 2908        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:13:14.0732 2908        usbccgp - ok
10:13:14.0741 2908        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:13:14.0797 2908        usbcir - ok
10:13:14.0830 2908        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:13:14.0877 2908        usbehci - ok
10:13:14.0920 2908        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:13:14.0961 2908        usbhub - ok
10:13:14.0981 2908        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:13:15.0009 2908        usbohci - ok
10:13:15.0022 2908        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:13:15.0076 2908        usbprint - ok
10:13:15.0150 2908        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:13:15.0171 2908        usbscan - ok
10:13:15.0209 2908        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:13:15.0273 2908        USBSTOR - ok
10:13:15.0295 2908        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:13:15.0323 2908        usbuhci - ok
10:13:15.0383 2908        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:13:15.0397 2908        vdrvroot - ok
10:13:15.0407 2908        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:13:15.0425 2908        vga - ok
10:13:15.0444 2908        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:13:15.0472 2908        VgaSave - ok
10:13:15.0491 2908        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:13:15.0504 2908        vhdmp - ok
10:13:15.0525 2908        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:13:15.0533 2908        viaide - ok
10:13:15.0545 2908        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:13:15.0561 2908        volmgr - ok
10:13:15.0584 2908        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:13:15.0602 2908        volmgrx - ok
10:13:15.0622 2908        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:13:15.0635 2908        volsnap - ok
10:13:15.0657 2908        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:13:15.0668 2908        vsmraid - ok
10:13:15.0714 2908        VUSB3HUB        (5be34bfade20ff6c154b4663605b6212) C:\Windows\system32\drivers\ViaHub3.sys
10:13:15.0765 2908        VUSB3HUB - ok
10:13:15.0785 2908        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:13:15.0850 2908        vwifibus - ok
10:13:15.0918 2908        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:13:15.0951 2908        vwififlt - ok
10:13:15.0988 2908        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:13:16.0034 2908        vwifimp - ok
10:13:16.0082 2908        wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
10:13:16.0092 2908        wacommousefilter - ok
10:13:16.0101 2908        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:13:16.0134 2908        WacomPen - ok
10:13:16.0204 2908        wacomvhid      (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
10:13:16.0214 2908        wacomvhid - ok
10:13:16.0239 2908        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:13:16.0297 2908        WANARP - ok
10:13:16.0333 2908        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:13:16.0364 2908        Wanarpv6 - ok
10:13:16.0390 2908        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:13:16.0398 2908        Wd - ok
10:13:16.0419 2908        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:13:16.0461 2908        Wdf01000 - ok
10:13:16.0491 2908        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:13:16.0514 2908        WfpLwf - ok
10:13:16.0561 2908        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:13:16.0575 2908        WIMMount - ok
10:13:16.0618 2908        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:13:16.0628 2908        WmiAcpi - ok
10:13:16.0666 2908        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:13:16.0699 2908        ws2ifsl - ok
10:13:16.0760 2908        WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
10:13:16.0811 2908        WSDPrintDevice - ok
10:13:16.0850 2908        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:13:16.0901 2908        WudfPf - ok
10:13:16.0948 2908        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:13:16.0989 2908        WUDFRd - ok
10:13:17.0000 2908        xhcdrv          (109b6f1888845661d19b7a458776d5d1) C:\Windows\system32\drivers\xhcdrv.sys
10:13:17.0044 2908        xhcdrv - ok
10:13:17.0067 2908        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:13:17.0185 2908        \Device\Harddisk0\DR0 - ok
10:13:17.0188 2908        Boot (0x1200)  (a3e6a8ec4d921066e565a49dd844cc22) \Device\Harddisk0\DR0\Partition0
10:13:17.0189 2908        \Device\Harddisk0\DR0\Partition0 - ok
10:13:17.0202 2908        Boot (0x1200)  (ffa48af3a7600d8c9a6fe9c09ad1c272) \Device\Harddisk0\DR0\Partition1
10:13:17.0222 2908        \Device\Harddisk0\DR0\Partition1 - ok
10:13:17.0281 2908        Boot (0x1200)  (9469f3b95b96002b518172b48223e13c) \Device\Harddisk0\DR0\Partition2
10:13:17.0282 2908        \Device\Harddisk0\DR0\Partition2 - ok
10:13:17.0303 2908        Boot (0x1200)  (4d4ac8e7fb5d78f4b060bfbc8cdb906f) \Device\Harddisk0\DR0\Partition3
10:13:17.0304 2908        \Device\Harddisk0\DR0\Partition3 - ok
10:13:17.0305 2908        ============================================================
10:13:17.0305 2908        Scan finished
10:13:17.0305 2908        ============================================================
10:13:17.0317 5600        Detected object count: 0
10:13:17.0317 5600        Actual detected object count: 0


cosinus 05.02.2012 18:18

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when an expert helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Manyra 05.02.2012 21:54

I have now run ComboFix.
Afterwards the error message about the registry keys appeared, as you described, but after a restart everything is fine again.
Otherwise everything ran without problems.

Code:

ComboFix 12-02-05.02 - Sarah 05.02.2012  21:31:45.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4066.2466 [GMT 1:00]
ausgeführt von:: y:\benutzer-sarah\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\_Setup.dll
c:\programdata\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.dat
c:\programdata\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.exe
c:\programdata\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.ico
c:\programdata\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\TsuDll.dll
c:\windows\SysWow64\winservice.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SCM_Service
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-05 bis 2012-02-05  ))))))))))))))))))))))))))))))
.
.
2012-02-05 20:36 . 2012-02-05 20:36        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-02-05 20:36 . 2012-02-05 20:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-04 09:46 . 2012-02-04 09:57        --------        d-----w-        c:\users\Sarah\AppData\Roaming\PicasaStarter
2012-02-04 09:39 . 2012-02-04 09:39        --------        d-----w-        c:\program files (x86)\Google
2012-01-31 00:39 . 2012-01-31 00:39        --------        d-----w-        c:\program files (x86)\ESET
2012-01-30 20:11 . 2012-01-30 20:11        --------        d-----w-        c:\users\Sarah\AppData\Roaming\Malwarebytes
2012-01-30 20:11 . 2012-02-05 08:43        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-30 20:11 . 2012-01-30 20:11        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-30 20:11 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-26 20:04 . 2012-01-26 20:04        --------        d-----w-        c:\program files\iTunes
2012-01-26 20:04 . 2012-01-26 20:04        --------        d-----w-        c:\program files\iPod
2012-01-24 21:20 . 2012-01-24 21:20        --------        d-----w-        c:\program files (x86)\PureSync
2012-01-24 21:20 . 2012-01-24 21:20        --------        d-----w-        c:\program files (x86)\Common Files\Jumping Bytes
2012-01-21 11:38 . 2012-01-21 11:38        --------        d-----w-        c:\program files (x86)\Synology Data Replicator  3
2012-01-15 14:24 . 2012-01-15 14:24        --------        d-----w-        c:\users\Sarah\AppData\Local\Western Digital
2012-01-12 00:19 . 2012-01-12 00:19        4448256        ----a-w-        c:\windows\SysWow64\GPhotos.scr
2012-01-11 20:36 . 2011-10-26 05:25        1572864        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 20:36 . 2011-10-26 05:25        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-11 20:36 . 2011-10-26 04:32        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-01-11 20:36 . 2011-10-26 04:32        1328128        ----a-w-        c:\windows\SysWow64\quartz.dll
2012-01-11 20:36 . 2011-11-17 06:41        1731920        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 20:36 . 2011-11-17 05:38        1292080        ----a-w-        c:\windows\SysWow64\ntdll.dll
2012-01-11 20:36 . 2011-11-19 14:58        77312        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 20:36 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2012-01-10 17:41 . 2012-01-10 17:52        --------        d-----w-        c:\users\Sarah\AppData\Roaming\TrueCrypt
2012-01-10 17:39 . 2012-01-10 17:39        230864        ----a-w-        c:\windows\system32\drivers\truecrypt.sys
2012-01-10 17:39 . 2012-01-10 17:44        --------        d-----w-        c:\program files\TrueCrypt
2012-01-08 10:57 . 2012-01-08 10:57        --------        d-----w-        c:\program files (x86)\JezSoft
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 22:41 . 2011-10-06 12:09        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2011-12-09 18:08 . 2011-10-15 09:53        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-11-24 04:52 . 2011-12-13 20:57        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-11-12 08:08 . 2011-09-28 10:59        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"PureSync"="c:\program files (x86)\PureSync\PureSyncTray.exe" [2011-12-12 837696]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-08-13 30568]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-08-13 46952]
"PPort14reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2011-05-16 333088]
"PDFProHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe" [2011-07-01 607592]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 adp3132;adp3132;c:\windows\system32\drivers\adp3132.sys [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R3 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [x]
R3 amdide64;amdide64;c:\windows\system32\drivers\amdide64.sys [x]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-15 183560]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [x]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [x]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 ISASerial;PCIe-ISA Communication Port;c:\windows\system32\drivers\ISASerial.sys [x]
R3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys [x]
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys [x]
R3 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [x]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [x]
R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\nmserial.sys [x]
R3 nvamacpi;nvamacpi;c:\windows\system32\drivers\NVAMACPI.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\drivers\PciIsaSerial.sys [x]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys [x]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys [x]
R3 PPorts;PCIe ECP Parallel Port;c:\windows\system32\drivers\PPorts.sys [x]
R3 Si3124r5;Si3124r5;c:\windows\system32\drivers\Si3124r5.sys [x]
R3 SPorts;High-Speed PCIe Serial Port;c:\windows\system32\drivers\SPorts.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [x]
R3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\drivers\ViaHub3.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\drivers\xhcdrv.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-08-13 138600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [2010-06-02 380928]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [2011-02-18 245760]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1488404166-3565964607-2528217831-1000Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 13:23]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1488404166-3565964607-2528217831-1000UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 13:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-07-06 7233640]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"combofix"="c:\combofix\CF15452.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\g2eyt7oz.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-{4102037D-E8E0-48E0-B203-E521D194FB71} - c:\program files (x86)\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-05  21:42:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-05 20:42
.
Vor Suchlauf: 8 Verzeichnis(se), 520.685.105.152 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 520.349.466.624 Bytes frei
.
- - End Of File - - 9B40AF42A70C5268842FF951EEB5AB1B


cosinus 05.02.2012 22:33

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Manyra 05.02.2012 23:19

aswMBR loaded the virus definitions.
During the scan it crashes at a certain point; I tested it twice.

You will find a screenshot of it attached.

cosinus 05.02.2012 23:46

But the MBR is ok, that information is enough for me.

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Manyra 07.02.2012 08:19

Malwarebytes found nothing. However, SUPERAntiSpyware found quite a lot.


Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.06.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: GAMERPC [Administrator]

Schutz: Aktiviert

06.02.2012 19:21:01
mbam-log-2012-02-06 (19-21-01).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431253
Laufzeit: 1 Stunde(n), 26 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/07/2012 at 03:09 AM

Application Version : 5.0.1144

Core Rules Database Version : 8207
Trace Rules Database Version: 6019

Scan type      : Complete Scan
Total Scan Time : 02:51:08

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 756
Memory threats detected  : 0
Registry items scanned    : 70865
Registry threats detected : 0
File items scanned        : 352543
File threats detected    : 413

Adware.Tracking Cookie
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\HMKA7E3I.txt [ /mediaplex.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\UR3A3L57.txt [ /apmebf.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\K06P2H30.txt [ /smartadserver.com ]
        C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\J3OSRHKX.txt [ /atdmt.com ]
        C:\USERS\SARAH\Cookies\HMKA7E3I.txt [ Cookie:sarah@mediaplex.com/ ]
        C:\USERS\SARAH\Cookies\UR3A3L57.txt [ Cookie:sarah@apmebf.com/ ]
        C:\USERS\SARAH\Cookies\K06P2H30.txt [ Cookie:sarah@smartadserver.com/ ]
        C:\USERS\SARAH\Cookies\J3OSRHKX.txt [ Cookie:sarah@atdmt.com/ ]
        .tracking.percentmobile.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        adserver.ip-phone-forum.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .getclicky.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .static.getclicky.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ads.zeusclicks.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ads2.zeusclicks.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .hitbox.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .ehg.hitbox.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        tracking.sim-technik.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .ads.crakmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .ads.crakmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        www8.addfreestats.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .pornhub.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .pornhub.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .kontera.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2EYT7OZ.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Sefnit
        C:\QOOBOX\QUARANTINE\C\PROGRAMDATA\TARMA INSTALLER\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\_SETUP.DLL.VIR


cosinus 07.02.2012 12:24

That's OK. The malware is isolated and safely stored in C:\Qoobox and C:\_OTL (the quarantine folders of CF and OTL).
The rest is just cookies, get rid of them. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)

Is your system back in order now, or are there still other detections or problems?
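
The cookie entries discussed in this reply live as rows in the Firefox profile's cookies.sqlite. The following is an added example, not part of the original posts: it counts and removes cookies for a few tracker domains from a constructed sample table, matching hosts on a label boundary. The `moz_cookies` table and `host` column are Firefox's; the cookie names, the sample rows, the suffix list and the one-log-line-per-row reading are assumptions.

```python
import sqlite3

# Tracker suffixes picked from hosts that appear in the scan log (assumed list).
TRACKER_SUFFIXES = ("adition.com", "doubleclick.net", "webmasterplan.com")

def open_sample_db():
    """Constructed stand-in for cookies.sqlite (only the columns used here)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE moz_cookies "
               "(id INTEGER PRIMARY KEY, host TEXT, name TEXT, value TEXT)")
    rows = [  # constructed sample rows, cookie names are made up
        (".adfarm1.adition.com", "UserID1", "x"),
        (".adfarm1.adition.com", "co_101", "x"),
        ("ad1.adfarm1.adition.com", "srv", "x"),
        (".doubleclick.net", "id", "x"),
        (".webmasterplan.com", "AFF", "x"),
        ("www.trojaner-board.de", "session", "x"),
        (".notdoubleclick.net", "pref", "x"),  # must NOT match doubleclick.net
    ]
    db.executemany(
        "INSERT INTO moz_cookies (host, name, value) VALUES (?, ?, ?)", rows)
    return db

def is_tracker(host, suffixes=TRACKER_SUFFIXES):
    """True if host equals a suffix or ends with '.' + suffix (label boundary)."""
    h = host.lstrip(".").lower()  # domain cookies are stored with a leading dot
    return any(h == s or h.endswith("." + s) for s in suffixes)

def tracker_report(db):
    """Count cookie rows per tracker host (assumed: one log line per row)."""
    counts = {}
    for (host,) in db.execute("SELECT host FROM moz_cookies"):
        if is_tracker(host):
            counts[host] = counts.get(host, 0) + 1
    return counts

def purge_trackers(db):
    """Delete all tracker rows and return how many were removed."""
    ids = [(i,) for i, host in
           db.execute("SELECT id, host FROM moz_cookies") if is_tracker(host)]
    db.executemany("DELETE FROM moz_cookies WHERE id = ?", ids)
    db.commit()
    return len(ids)
```

Against a real profile, close Firefox first and work on a copy of cookies.sqlite.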

Manyra 08.02.2012 09:05

Those seem to have been all the detections. Avira no longer finds anything.

I should probably get into the habit of running system scans more regularly, or just have them run automatically.
I'll read through your guides and inform myself further.
Should I delete all the programs used here again?

Luckily I haven't had any serious problems yet, like the ones others describe here.

Then I'll say :dankeschoen: for your effort and your patience.

Regards, Manyra

cosinus 08.02.2012 11:44

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if you get any error messages there.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check the updates; my guide for that is below. To keep a better overview in future of how up to date your installed programs are, you can use Secunia PSI, for example.
For even more security, you should also change all your passwords, if possible, after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs (or Programs and Features) by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are given in WET +1.
