Trojaner-Board - Entfernung Searchcore Toolbar

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Entfernung Searchcore Toolbar (https://www.trojaner-board.de/111849-entfernung-searchcore-toolbar.html)

Entfernung Searchcore Toolbar

Hallo,

habe seit heute ein Problem mit der searchcore toolbar.

Firefox öffnet sich nur noch mit folgender Startseite: hxxp://www.searchcore.net/426

Löschen des entsprechende AddOns im Firefox, sowie der Anwedung aus der Systemsteuerung brachte erwartungsgemäß keine Verbeserung.

Defogger und dds habe ich ausgeführt. Die Logs hängen an.

Vielen schonmal im Voraus;)

Grüße,

Heinblöd666

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hi,

Hier die Logs:

Malwarebytes

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.21.03
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

PC :: PC-PC [Administrator]
 

Schutz: Aktiviert
 

21.03.2012 16:33:36

mbam-log-2012-03-21 (16-33-36).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 335073

Laufzeit: 43 Minute(n), 57 Sekunde(n)
 

Infizierte Speicherprozesse: 1

C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1756 -> Löschen bei Neustart.
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 2

HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 4

C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Löschen bei Neustart.

C:\Users\PC\AudioPerformerSetup.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\PC\AppData\Local\Temp\Audio Performer53412.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\PC\Desktop\SoftonicDownloader_fuer_audio-converter.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

ESET

Code:

 
 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=a9d117a6e78dea4192d78af38f870bc2

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-21 06:14:48

# local_time=2012-03-21 07:14:48 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 13420453 13420453 0 0

# compatibility_mode=5893 16776574 100 94 25605830 83980399 0 0

# compatibility_mode=8192 67108863 100 0 7104 7104 0 0

# scanned=141586

# found=2

# cleaned=0

# scan_time=3139

C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1LFZ1VD\SetupDataMngr_Searchcore[1].exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

C:\Users\PC\AppData\Local\Temp\nsy5A33.tmp        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

Zitat:

C:\Users\PC\Desktop\SoftonicDownloader_fuer_audio-converter.exe

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hi,

@ Softonic: Achte da sonst auch drauf, werde es nochmal an den Verursacher weitergeben :twak:

btw.: Helfen gegen gegen solche Infektionen eigentlich die Kostenpflichtigen Antiviren-Suiten?

Hier der OTL Log:

OTL Logfile:

Code:

OTL logfile created on: 22.03.2012 15:06:01 - Run 1

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\PC\Desktop\TrojanerSuche

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 66,84% Memory free

7,49 Gb Paging File | 5,95 Gb Available in Paging File | 79,34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 247,35 Gb Total Space | 188,89 Gb Free Space | 76,37% Space Free | Partition Type: NTFS

Drive D: | 218,31 Gb Total Space | 218,20 Gb Free Space | 99,95% Space Free | Partition Type: NTFS

 

Computer Name: PC-PC | User Name: PC | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.22 15:04:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\TrojanerSuche\OTL.exe

PRC - [2012.02.23 11:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012.02.23 11:40:40 | 007,983,488 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

PRC - [2012.02.23 11:24:59 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

PRC - [2012.02.15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.12.16 12:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe

PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe

PRC - [2008.08.02 08:57:14 | 001,757,184 | ---- | M] () -- C:\PROGRA~2\ESRI\License\arcgis9x\ARCGIS.exe

PRC - [2008.08.02 08:57:14 | 001,431,440 | ---- | M] (Acresso Software Inc.) -- C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009.07.31 14:40:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012.02.23 11:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.08.02 08:57:14 | 001,431,440 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager)

SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.02.15 10:05:19 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011.11.24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)

DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.01.11 11:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2009.09.04 06:39:10 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)

DRV:64bit: - [2009.07.31 22:24:40 | 006,103,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.07.17 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.07 21:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2006.04.20 06:22:00 | 000,141,888 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\Sentinel64.sys -- (Sentinel)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchcore.net/426

IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}

IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.startup.homepage: "hxxp://www.searchcore.net/426"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=161111&systemid=426&sr=0&q="

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 16:01:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.23 10:03:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.18 12:12:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles/3mbxs9if.default\extensions\specialsavings@superfish.com

 

[2012.03.19 13:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions

[2011.01.18 16:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.03.19 13:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\3mbxs9if.default\extensions

[2012.03.19 12:21:12 | 000,002,525 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\3mbxs9if.default\searchplugins\Search_Results.xml

[2012.03.19 13:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.03.19 16:01:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.02.07 11:30:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.07 11:30:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.02.07 11:30:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.07 11:30:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.19 12:21:12 | 000,002,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2012.02.07 11:30:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.07 11:30:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)

O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll File not found

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll File not found

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4929D4E3-3D7E-4728-840F-EECD46614B6F}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\cdo - No CLSID value found

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {1DCC2D7E-887E-4842-C339-9B31005CC925} - Microsoft Windows Media Player

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.21 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

[2012.03.21 17:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.03.19 13:37:37 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\TrojanerSuche

[2012.03.19 13:19:38 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Malwarebytes

[2012.03.19 13:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.03.19 13:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.03.19 13:19:31 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.03.19 13:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.03.19 13:18:01 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\PC\Desktop\mbam-setup-1.60.1.1000.exe

[2012.03.19 12:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012.03.19 12:18:48 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings

[2012.03.19 12:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpecialSavings

[2012.03.19 12:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService

[2012.03.09 14:45:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2012.03.09 14:45:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.22 15:09:08 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.22 11:09:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.22 10:09:56 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.22 10:09:56 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.22 10:06:53 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.03.22 10:06:53 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.03.22 10:06:53 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.03.22 10:06:53 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.03.22 10:06:53 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.03.22 10:02:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.22 10:02:23 | 3018,461,184 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.21 18:29:22 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012.03.19 14:19:13 | 000,000,000 | ---- | M] () -- C:\Users\PC\defogger_reenable

[2012.03.19 13:19:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.19 13:18:16 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\PC\Desktop\mbam-setup-1.60.1.1000.exe

[2012.03.15 10:33:12 | 000,477,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.03.13 10:09:45 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.02.27 10:08:40 | 000,000,950 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012.02.27 10:08:39 | 000,000,970 | ---- | M] () -- C:\Users\PC\Desktop\Dropbox.lnk

[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.21 18:29:22 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk

[2012.03.21 18:29:22 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2012.03.19 14:19:13 | 000,000,000 | ---- | C] () -- C:\Users\PC\defogger_reenable

[2012.03.19 13:19:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.04 11:44:44 | 000,000,200 | ---- | C] () -- C:\Windows\AUDC80UI.dat

[2011.01.19 16:34:12 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.01.07 17:40:19 | 000,037,758 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2011.01.07 17:39:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011.01.07 17:39:49 | 000,029,903 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011.01.07 16:48:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

 
 ========== LOP Check ==========

 

[2012.01.04 13:53:23 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Audacity

[2012.03.22 10:03:11 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Dropbox

[2011.10.06 12:04:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\elsterformular

[2011.10.27 11:46:39 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ESRI

[2011.08.09 09:08:44 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\GHISLER

[2011.01.27 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Leadertech

[2011.01.18 16:58:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Thunderbird

[2012.01.03 11:12:00 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.02.22 14:18:51 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Adobe

[2011.01.07 17:44:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ATI

[2012.01.04 13:53:23 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Audacity

[2011.10.18 10:28:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Avira

[2012.03.22 10:03:11 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Dropbox

[2011.10.06 12:04:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\elsterformular

[2011.10.27 11:46:39 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ESRI

[2011.08.09 09:08:44 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\GHISLER

[2011.01.07 17:33:50 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Identities

[2011.01.27 13:06:59 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Leadertech

[2011.01.27 13:07:06 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Logitech

[2011.01.20 11:00:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Macromedia

[2012.03.19 13:19:38 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Malwarebytes

[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Media Center Programs

[2011.08.01 12:03:22 | 000,000,000 | --SD | M] -- C:\Users\PC\AppData\Roaming\Microsoft

[2011.01.18 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Mozilla

[2011.01.18 16:58:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Thunderbird

[2011.01.21 18:00:17 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2012.02.15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.02.15 00:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\PC\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2012.03.09 11:42:56 | 004,639,264 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_8086_8479.exe

[2012.03.09 11:43:14 | 004,640,224 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_8086_8479.exe

[2012.03.09 11:43:31 | 004,669,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_12_8086_8479.exe

[2012.03.09 11:43:48 | 004,683,496 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_8086_8479.exe

[2012.03.09 11:44:06 | 004,697,056 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8086_8479.exe

[2012.03.09 11:44:55 | 004,628,120 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_8086_8479.exe

[2012.03.09 11:45:11 | 004,634,680 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_8086_8479.exe

[2012.03.09 11:44:23 | 004,630,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_8086_8479.exe

[2012.03.09 11:44:39 | 004,631,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8086_8479.exe

[2012.03.09 11:45:27 | 004,642,400 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_8086_8479.exe

[2012.03.09 11:45:44 | 004,642,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_8086_8479.exe

[2012.03.09 11:46:00 | 004,694,488 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_12_8086_8479.exe

[2012.03.09 11:46:17 | 004,707,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_8086_8479.exe

[2012.03.09 11:46:34 | 004,698,048 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_8086_8479.exe

[2012.03.09 11:46:50 | 004,711,248 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_12_8086_8479.exe

[2012.03.09 11:47:08 | 004,761,304 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_8086_8479.exe

[2012.03.09 11:47:25 | 004,764,968 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_8086_8479.exe

[2012.03.09 11:47:42 | 004,804,976 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_11_8086_8479.exe

[2012.03.09 11:42:28 | 007,446,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8086_8479.exe

[2012.03.09 11:48:48 | 004,668,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_8086_8479.exe

[2012.03.09 11:49:04 | 004,653,424 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8086_8479.exe

[2012.03.09 11:49:21 | 004,713,240 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8086_8479.exe

[2012.03.09 11:47:58 | 004,641,784 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_8086_8479.exe

[2012.03.09 11:48:15 | 004,645,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_8086_8479.exe

[2012.03.09 11:48:31 | 004,725,792 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8086_8479.exe

[2011.10.06 11:59:06 | 011,250,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\PC\AppData\Roaming\elsterformular\update\ElsterFormular_update-12_3_2_6814u.exe

[2011.01.07 17:44:34 | 000,010,134 | R--- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Installer\{704A7732-89FB-7002-1BAE-30A03261DA71}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 

< End of report >

--- --- ---

[/code]

Zitat:

btw.: Helfen gegen gegen solche Infektionen eigentlich die Kostenpflichtigen Antiviren-Suiten?

Nein! Man muss schonmal im Gripskasten kramen und auch mal seine Augen aufhalten und nachdenken/gut aufpassen bei Setup, was sich da noch alles mitinstallieren will! Gerade Toolbars und v.a. Setups von Softonic installieren sehr viel Schrott in Forum von Toolbars und Searchqu/Serachcore :pfui:

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcore.net/426

IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}

IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=161111&systemid=426&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.startup.homepage: "http://www.searchcore.net/426"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=161111&systemid=426&sr=0&q="

O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll File not found

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchcoredtx.dll File not found

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hi,

scheint erfolgreich gewesen zu sein. Die Startseite ist zumindest wieder die alte.

Vielen Dank für die kompetente Hilfe!
:dankeschoen:

Grüße

Code:



All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.

HKU\S-1-5-21-3966412049-302657136-1133191827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.

HKU\S-1-5-21-3966412049-302657136-1133191827-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Prefs.js: "Search Results" removed from browser.search.defaultenginename

Prefs.js: "Search Results" removed from browser.search.order.1

Prefs.js: "Search Results" removed from browser.search.selectedEngine

Prefs.js: "hxxp://www.searchcore.net/426" removed from browser.startup.homepage

Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems

Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=161111&systemid=426&sr=0&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af6ac4f2-9825-4fb6-a600-92bc5361f209}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af6ac4f2-9825-4fb6-a600-92bc5361f209}\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{af6ac4f2-9825-4fb6-a600-92bc5361f209} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af6ac4f2-9825-4fb6-a600-92bc5361f209}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: ******

 

User: PC

->Temp folder emptied: 569399954 bytes

->Temporary Internet Files folder emptied: 75054398 bytes

->Java cache emptied: 28619118 bytes

->FireFox cache emptied: 71846340 bytes

->Google Chrome cache emptied: 9706178 bytes

->Flash cache emptied: 21807 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 2035712 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 255330645 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 965,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.2 log created on 03222012_163149
 

Files\Folders moved on Reboot...

C:\Users\PC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hi,

sorry, das ich jetzt erst antworte.

Hier das Log com TDSS - Killer:

Code:

08:41:18.0494 3164        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

08:41:18.0759 3164        ============================================================

08:41:18.0759 3164        Current date / time: 2012/03/27 08:41:18.0759

08:41:18.0759 3164        SystemInfo:

08:41:18.0759 3164        

08:41:18.0759 3164        OS Version: 6.1.7601 ServicePack: 1.0

08:41:18.0759 3164        Product type: Workstation

08:41:18.0759 3164        ComputerName: PC-PC

08:41:18.0759 3164        UserName: PC

08:41:18.0759 3164        Windows directory: C:\Windows

08:41:18.0759 3164        System windows directory: C:\Windows

08:41:18.0759 3164        Running under WOW64

08:41:18.0759 3164        Processor architecture: Intel x64

08:41:18.0759 3164        Number of processors: 4

08:41:18.0759 3164        Page size: 0x1000

08:41:18.0759 3164        Boot type: Normal boot

08:41:18.0759 3164        ============================================================

08:41:20.0740 3164        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:41:20.0740 3164        \Device\Harddisk0\DR0:

08:41:20.0740 3164        MBR used

08:41:20.0740 3164        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

08:41:20.0740 3164        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1EEB3000

08:41:20.0740 3164        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1EEE5800, BlocksNum 0x1B49F800

08:41:20.0818 3164        Initialize success

08:41:20.0818 3164        ============================================================

08:41:50.0068 2216        ============================================================

08:41:50.0068 2216        Scan started

08:41:50.0068 2216        Mode: Manual; 

08:41:50.0068 2216        ============================================================

08:41:50.0973 2216        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

08:41:50.0973 2216        1394ohci - ok

08:41:51.0035 2216        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

08:41:51.0035 2216        ACPI - ok

08:41:51.0066 2216        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

08:41:51.0082 2216        AcpiPmi - ok

08:41:51.0160 2216        Adobe LM Service (f84c9dee4698df3c1d76801b7b1b55d7) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

08:41:51.0160 2216        Adobe LM Service - ok

08:41:51.0269 2216        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

08:41:51.0285 2216        AdobeARMservice - ok

08:41:51.0316 2216        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

08:41:51.0332 2216        adp94xx - ok

08:41:51.0363 2216        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

08:41:51.0363 2216        adpahci - ok

08:41:51.0410 2216        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

08:41:51.0410 2216        adpu320 - ok

08:41:51.0441 2216        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

08:41:51.0441 2216        AeLookupSvc - ok

08:41:51.0503 2216        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

08:41:51.0503 2216        AFD - ok

08:41:51.0550 2216        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

08:41:51.0566 2216        agp440 - ok

08:41:51.0597 2216        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

08:41:51.0597 2216        ALG - ok

08:41:51.0675 2216        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

08:41:51.0690 2216        aliide - ok

08:41:51.0831 2216        AMD External Events Utility (770e25a0df8785b8e3dcf3e6a7982973) C:\Windows\system32\atiesrxx.exe

08:41:51.0831 2216        AMD External Events Utility - ok

08:41:51.0846 2216        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

08:41:51.0846 2216        amdide - ok

08:41:51.0909 2216        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

08:41:51.0909 2216        AmdK8 - ok

08:41:51.0924 2216        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

08:41:51.0924 2216        AmdPPM - ok

08:41:51.0971 2216        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

08:41:51.0971 2216        amdsata - ok

08:41:52.0002 2216        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

08:41:52.0002 2216        amdsbs - ok

08:41:52.0034 2216        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

08:41:52.0034 2216        amdxata - ok

08:41:52.0127 2216        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

08:41:52.0127 2216        AntiVirSchedulerService - ok

08:41:52.0174 2216        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

08:41:52.0174 2216        AntiVirService - ok

08:41:52.0236 2216        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

08:41:52.0236 2216        AppID - ok

08:41:52.0283 2216        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

08:41:52.0283 2216        AppIDSvc - ok

08:41:52.0314 2216        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

08:41:52.0314 2216        Appinfo - ok

08:41:52.0377 2216        AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

08:41:52.0377 2216        AppMgmt - ok

08:41:52.0408 2216        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

08:41:52.0408 2216        arc - ok

08:41:52.0517 2216        ArcGIS License Manager (338deabd788009f2d043d3080e29930d) C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe

08:41:52.0533 2216        ArcGIS License Manager - ok

08:41:52.0548 2216        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

08:41:52.0548 2216        arcsas - ok

08:41:52.0580 2216        ASPI - ok

08:41:52.0611 2216        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

08:41:52.0611 2216        AsyncMac - ok

08:41:52.0658 2216        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

08:41:52.0658 2216        atapi - ok

08:41:52.0829 2216        atikmdag        (9ffafa1eeab3509735ed649296bb9224) C:\Windows\system32\DRIVERS\atikmdag.sys

08:41:52.0970 2216        atikmdag - ok

08:41:53.0001 2216        AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys

08:41:53.0001 2216        AtiPcie - ok

08:41:53.0048 2216        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:41:53.0048 2216        AudioEndpointBuilder - ok

08:41:53.0063 2216        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:41:53.0063 2216        AudioSrv - ok

08:41:53.0094 2216        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

08:41:53.0094 2216        avgntflt - ok

08:41:53.0126 2216        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys

08:41:53.0126 2216        avipbb - ok

08:41:53.0141 2216        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

08:41:53.0141 2216        avkmgr - ok

08:41:53.0172 2216        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

08:41:53.0172 2216        AxInstSV - ok

08:41:53.0235 2216        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

08:41:53.0235 2216        b06bdrv - ok

08:41:53.0266 2216        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

08:41:53.0282 2216        b57nd60a - ok

08:41:53.0297 2216        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

08:41:53.0297 2216        BDESVC - ok

08:41:53.0328 2216        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

08:41:53.0328 2216        Beep - ok

08:41:53.0438 2216        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

08:41:53.0453 2216        BFE - ok

08:41:53.0547 2216        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

08:41:53.0562 2216        BITS - ok

08:41:53.0609 2216        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

08:41:53.0609 2216        blbdrive - ok

08:41:53.0656 2216        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

08:41:53.0672 2216        bowser - ok

08:41:53.0687 2216        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

08:41:53.0687 2216        BrFiltLo - ok

08:41:53.0703 2216        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

08:41:53.0703 2216        BrFiltUp - ok

08:41:53.0734 2216        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

08:41:53.0734 2216        Browser - ok

08:41:53.0781 2216        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

08:41:53.0781 2216        Brserid - ok

08:41:53.0828 2216        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

08:41:53.0859 2216        BrSerWdm - ok

08:41:53.0968 2216        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

08:41:53.0984 2216        BrUsbMdm - ok

08:41:54.0062 2216        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

08:41:54.0062 2216        BrUsbSer - ok

08:41:54.0140 2216        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

08:41:54.0155 2216        BTHMODEM - ok

08:41:54.0218 2216        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

08:41:54.0218 2216        bthserv - ok

08:41:54.0264 2216        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

08:41:54.0280 2216        cdfs - ok

08:41:54.0374 2216        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

08:41:54.0389 2216        cdrom - ok

08:41:54.0467 2216        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

08:41:54.0483 2216        CertPropSvc - ok

08:41:54.0514 2216        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

08:41:54.0514 2216        circlass - ok

08:41:54.0576 2216        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

08:41:54.0576 2216        CLFS - ok

08:41:54.0779 2216        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:41:54.0810 2216        clr_optimization_v2.0.50727_32 - ok

08:41:54.0935 2216        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

08:41:54.0982 2216        clr_optimization_v2.0.50727_64 - ok

08:41:55.0076 2216        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:41:55.0169 2216        clr_optimization_v4.0.30319_32 - ok

08:41:55.0200 2216        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

08:41:55.0216 2216        clr_optimization_v4.0.30319_64 - ok

08:41:55.0310 2216        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

08:41:55.0325 2216        CmBatt - ok

08:41:55.0372 2216        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

08:41:55.0372 2216        cmdide - ok

08:41:55.0434 2216        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

08:41:55.0434 2216        CNG - ok

08:41:55.0481 2216        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

08:41:55.0497 2216        Compbatt - ok

08:41:55.0590 2216        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

08:41:55.0606 2216        CompositeBus - ok

08:41:55.0622 2216        COMSysApp - ok

08:41:55.0668 2216        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

08:41:55.0684 2216        crcdisk - ok

08:41:55.0715 2216        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

08:41:55.0715 2216        CryptSvc - ok

08:41:55.0746 2216        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

08:41:55.0762 2216        CSC - ok

08:41:55.0778 2216        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

08:41:55.0793 2216        CscService - ok

08:41:55.0840 2216        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

08:41:55.0840 2216        DcomLaunch - ok

08:41:55.0887 2216        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

08:41:55.0887 2216        defragsvc - ok

08:41:55.0934 2216        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

08:41:55.0934 2216        DfsC - ok

08:41:55.0996 2216        dg_ssudbus      (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys

08:41:55.0996 2216        dg_ssudbus - ok

08:41:56.0074 2216        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

08:41:56.0074 2216        Dhcp - ok

08:41:56.0230 2216        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

08:41:56.0246 2216        discache - ok

08:41:56.0448 2216        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

08:41:56.0480 2216        Disk - ok

08:41:56.0682 2216        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

08:41:56.0698 2216        Dnscache - ok

08:41:56.0729 2216        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

08:41:56.0745 2216        dot3svc - ok

08:41:56.0792 2216        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

08:41:56.0807 2216        DPS - ok

08:41:56.0870 2216        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

08:41:56.0870 2216        drmkaud - ok

08:41:56.0948 2216        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

08:41:56.0963 2216        DXGKrnl - ok

08:41:56.0994 2216        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

08:41:56.0994 2216        EapHost - ok

08:41:57.0150 2216        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

08:41:57.0197 2216        ebdrv - ok

08:41:57.0244 2216        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

08:41:57.0244 2216        EFS - ok

08:41:57.0275 2216        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

08:41:57.0291 2216        ehRecvr - ok

08:41:57.0322 2216        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

08:41:57.0338 2216        ehSched - ok

08:41:57.0416 2216        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

08:41:57.0431 2216        elxstor - ok

08:41:57.0494 2216        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

08:41:57.0494 2216        ErrDev - ok

08:41:57.0540 2216        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

08:41:57.0540 2216        EventSystem - ok

08:41:57.0556 2216        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

08:41:57.0572 2216        exfat - ok

08:41:57.0587 2216        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

08:41:57.0587 2216        fastfat - ok

08:41:57.0665 2216        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

08:41:57.0665 2216        Fax - ok

08:41:57.0681 2216        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

08:41:57.0696 2216        fdc - ok

08:41:57.0712 2216        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

08:41:57.0712 2216        fdPHost - ok

08:41:57.0728 2216        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

08:41:57.0728 2216        FDResPub - ok

08:41:57.0743 2216        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

08:41:57.0759 2216        FileInfo - ok

08:41:57.0837 2216        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

08:41:57.0837 2216        Filetrace - ok

08:41:57.0852 2216        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

08:41:57.0884 2216        flpydisk - ok

08:41:58.0024 2216        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

08:41:58.0024 2216        FltMgr - ok

08:41:58.0118 2216        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

08:41:58.0133 2216        FontCache - ok

08:41:58.0211 2216        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

08:41:58.0211 2216        FontCache3.0.0.0 - ok

08:41:58.0258 2216        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

08:41:58.0258 2216        FsDepends - ok

08:41:58.0274 2216        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

08:41:58.0274 2216        Fs_Rec - ok

08:41:58.0320 2216        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

08:41:58.0320 2216        fvevol - ok

08:41:58.0352 2216        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

08:41:58.0352 2216        gagp30kx - ok

08:41:58.0414 2216        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

08:41:58.0430 2216        gpsvc - ok

08:41:58.0523 2216        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

08:41:58.0539 2216        gupdate - ok

08:41:58.0554 2216        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

08:41:58.0570 2216        gupdatem - ok

08:41:58.0586 2216        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

08:41:58.0586 2216        hcw85cir - ok

08:41:58.0757 2216        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

08:41:58.0773 2216        HdAudAddService - ok

08:41:58.0835 2216        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

08:41:58.0835 2216        HDAudBus - ok

08:41:58.0866 2216        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

08:41:58.0866 2216        HidBatt - ok

08:41:58.0882 2216        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

08:41:58.0882 2216        HidBth - ok

08:41:58.0898 2216        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

08:41:58.0898 2216        HidIr - ok

08:41:58.0929 2216        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

08:41:58.0929 2216        hidserv - ok

08:41:58.0944 2216        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

08:41:58.0944 2216        HidUsb - ok

08:41:58.0976 2216        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

08:41:58.0976 2216        hkmsvc - ok

08:41:59.0022 2216        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

08:41:59.0022 2216        HomeGroupListener - ok

08:41:59.0054 2216        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

08:41:59.0069 2216        HomeGroupProvider - ok

08:41:59.0100 2216        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

08:41:59.0100 2216        HpSAMD - ok

08:41:59.0178 2216        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

08:41:59.0194 2216        HTTP - ok

08:41:59.0241 2216        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

08:41:59.0241 2216        hwpolicy - ok

08:41:59.0288 2216        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

08:41:59.0288 2216        i8042prt - ok

08:41:59.0350 2216        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

08:41:59.0350 2216        iaStorV - ok

08:41:59.0459 2216        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

08:41:59.0475 2216        idsvc - ok

08:41:59.0537 2216        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

08:41:59.0537 2216        iirsp - ok

08:41:59.0584 2216        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

08:41:59.0600 2216        IKEEXT - ok

08:41:59.0615 2216        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

08:41:59.0615 2216        intelide - ok

08:41:59.0646 2216        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

08:41:59.0646 2216        intelppm - ok

08:41:59.0678 2216        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

08:41:59.0693 2216        IPBusEnum - ok

08:41:59.0724 2216        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:41:59.0724 2216        IpFilterDriver - ok

08:41:59.0787 2216        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

08:41:59.0787 2216        iphlpsvc - ok

08:41:59.0834 2216        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

08:41:59.0834 2216        IPMIDRV - ok

08:41:59.0865 2216        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

08:41:59.0880 2216        IPNAT - ok

08:41:59.0927 2216        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

08:41:59.0927 2216        IRENUM - ok

08:41:59.0958 2216        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

08:41:59.0958 2216        isapnp - ok

08:42:00.0005 2216        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

08:42:00.0005 2216        iScsiPrt - ok

08:42:00.0036 2216        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

08:42:00.0036 2216        kbdclass - ok

08:42:00.0083 2216        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

08:42:00.0083 2216        kbdhid - ok

08:42:00.0130 2216        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:42:00.0130 2216        KeyIso - ok

08:42:00.0177 2216        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

08:42:00.0177 2216        KSecDD - ok

08:42:00.0224 2216        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

08:42:00.0224 2216        KSecPkg - ok

08:42:00.0255 2216        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

08:42:00.0255 2216        ksthunk - ok

08:42:00.0364 2216        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

08:42:00.0380 2216        KtmRm - ok

08:42:00.0536 2216        L1C             (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys

08:42:00.0551 2216        L1C - ok

08:42:00.0723 2216        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

08:42:00.0738 2216        LanmanServer - ok

08:42:00.0879 2216        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

08:42:00.0894 2216        LanmanWorkstation - ok

08:42:01.0175 2216        LBTServ         (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

08:42:01.0206 2216        LBTServ - ok

08:42:01.0846 2216        LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys

08:42:01.0846 2216        LHidFilt - ok

08:42:02.0314 2216        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

08:42:02.0376 2216        lltdio - ok

08:42:02.0642 2216        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

08:42:02.0657 2216        lltdsvc - ok

08:42:02.0751 2216        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

08:42:02.0766 2216        lmhosts - ok

08:42:02.0922 2216        LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys

08:42:02.0922 2216        LMouFilt - ok

08:42:03.0032 2216        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

08:42:03.0063 2216        LSI_FC - ok

08:42:03.0156 2216        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

08:42:03.0172 2216        LSI_SAS - ok

08:42:03.0266 2216        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

08:42:03.0266 2216        LSI_SAS2 - ok

08:42:03.0390 2216        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

08:42:03.0390 2216        LSI_SCSI - ok

08:42:03.0484 2216        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

08:42:03.0500 2216        luafv - ok

08:42:03.0718 2216        MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

08:42:03.0718 2216        MBAMProtector - ok

08:42:03.0921 2216        MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

08:42:03.0936 2216        MBAMService - ok

08:42:04.0030 2216        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

08:42:04.0046 2216        Mcx2Svc - ok

08:42:04.0139 2216        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

08:42:04.0139 2216        megasas - ok

08:42:04.0202 2216        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

08:42:04.0217 2216        MegaSR - ok

08:42:04.0404 2216        Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

08:42:04.0420 2216        Microsoft Office Groove Audit Service - ok

08:42:04.0514 2216        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:42:04.0529 2216        MMCSS - ok

08:42:04.0810 2216        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

08:42:04.0826 2216        Modem - ok

08:42:04.0857 2216        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

08:42:04.0857 2216        monitor - ok

08:42:04.0919 2216        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

08:42:04.0919 2216        mouclass - ok

08:42:04.0966 2216        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

08:42:04.0982 2216        mouhid - ok

08:42:05.0028 2216        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

08:42:05.0028 2216        mountmgr - ok

08:42:05.0075 2216        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

08:42:05.0075 2216        mpio - ok

08:42:05.0106 2216        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

08:42:05.0106 2216        mpsdrv - ok

08:42:05.0184 2216        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

08:42:05.0200 2216        MpsSvc - ok

08:42:05.0325 2216        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

08:42:05.0340 2216        MRxDAV - ok

08:42:05.0434 2216        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:42:05.0434 2216        mrxsmb - ok

08:42:05.0512 2216        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:42:05.0512 2216        mrxsmb10 - ok

08:42:05.0574 2216        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:42:05.0574 2216        mrxsmb20 - ok

08:42:05.0684 2216        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

08:42:05.0684 2216        msahci - ok

08:42:05.0730 2216        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

08:42:05.0746 2216        msdsm - ok

08:42:05.0824 2216        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

08:42:05.0824 2216        MSDTC - ok

08:42:05.0918 2216        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

08:42:05.0918 2216        Msfs - ok

08:42:05.0964 2216        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

08:42:05.0964 2216        mshidkmdf - ok

08:42:05.0996 2216        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

08:42:05.0996 2216        msisadrv - ok

08:42:06.0074 2216        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

08:42:06.0074 2216        MSiSCSI - ok

08:42:06.0089 2216        msiserver - ok

08:42:06.0167 2216        Mskidrhcach - ok

08:42:06.0214 2216        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

08:42:06.0230 2216        MSKSSRV - ok

08:42:06.0245 2216        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

08:42:06.0245 2216        MSPCLOCK - ok

08:42:06.0276 2216        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

08:42:06.0292 2216        MSPQM - ok

08:42:06.0370 2216        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

08:42:06.0370 2216        MsRPC - ok

08:42:06.0401 2216        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

08:42:06.0401 2216        mssmbios - ok

08:42:06.0448 2216        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

08:42:06.0464 2216        MSTEE - ok

08:42:06.0495 2216        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

08:42:06.0510 2216        MTConfig - ok

08:42:06.0588 2216        MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys

08:42:06.0588 2216        MTsensor - ok

08:42:06.0635 2216        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

08:42:06.0635 2216        Mup - ok

08:42:06.0713 2216        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

08:42:06.0713 2216        napagent - ok

08:42:06.0760 2216        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

08:42:06.0776 2216        NativeWifiP - ok

08:42:06.0807 2216        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

08:42:06.0822 2216        NDIS - ok

08:42:06.0838 2216        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

08:42:06.0838 2216        NdisCap - ok

08:42:06.0869 2216        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

08:42:06.0869 2216        NdisTapi - ok

08:42:06.0916 2216        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

08:42:06.0916 2216        Ndisuio - ok

08:42:06.0947 2216        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

08:42:06.0947 2216        NdisWan - ok

08:42:06.0978 2216        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

08:42:06.0978 2216        NDProxy - ok

08:42:07.0025 2216        Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll

08:42:07.0025 2216        Net Driver HPZ12 - ok

08:42:07.0072 2216        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

08:42:07.0088 2216        NetBIOS - ok

08:42:07.0197 2216        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

08:42:07.0197 2216        NetBT - ok

08:42:07.0275 2216        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:42:07.0275 2216        Netlogon - ok

08:42:07.0368 2216        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

08:42:07.0368 2216        Netman - ok

08:42:07.0415 2216        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

08:42:07.0415 2216        netprofm - ok

08:42:07.0493 2216        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:42:07.0493 2216        NetTcpPortSharing - ok

08:42:07.0556 2216        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

08:42:07.0556 2216        nfrd960 - ok

08:42:07.0649 2216        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

08:42:07.0665 2216        NlaSvc - ok

08:42:07.0696 2216        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

08:42:07.0696 2216        Npfs - ok

08:42:07.0727 2216        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

08:42:07.0727 2216        nsi - ok

08:42:07.0758 2216        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

08:42:07.0758 2216        nsiproxy - ok

08:42:07.0914 2216        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

08:42:07.0946 2216        Ntfs - ok

08:42:07.0977 2216        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

08:42:07.0977 2216        Null - ok

08:42:08.0024 2216        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

08:42:08.0024 2216        nvraid - ok

08:42:08.0055 2216        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

08:42:08.0070 2216        nvstor - ok

08:42:08.0133 2216        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

08:42:08.0133 2216        nv_agp - ok

08:42:08.0242 2216        odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

08:42:08.0242 2216        odserv - ok

08:42:08.0304 2216        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

08:42:08.0304 2216        ohci1394 - ok

08:42:08.0398 2216        ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:42:08.0414 2216        ose - ok

08:42:08.0445 2216        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

08:42:08.0460 2216        p2pimsvc - ok

08:42:08.0538 2216        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

08:42:08.0570 2216        p2psvc - ok

08:42:08.0632 2216        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

08:42:08.0632 2216        Parport - ok

08:42:08.0679 2216        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

08:42:08.0679 2216        partmgr - ok

08:42:08.0710 2216        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

08:42:08.0726 2216        PcaSvc - ok

08:42:08.0772 2216        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

08:42:08.0772 2216        pci - ok

08:42:08.0788 2216        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

08:42:08.0788 2216        pciide - ok

08:42:08.0819 2216        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

08:42:08.0835 2216        pcmcia - ok

08:42:08.0850 2216        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

08:42:08.0850 2216        pcw - ok

08:42:08.0866 2216        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

08:42:08.0882 2216        PEAUTH - ok

08:42:08.0944 2216        PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

08:42:08.0960 2216        PeerDistSvc - ok

08:42:09.0006 2216        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

08:42:09.0006 2216        PerfHost - ok

08:42:09.0100 2216        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

08:42:09.0147 2216        pla - ok

08:42:09.0240 2216        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

08:42:09.0256 2216        PlugPlay - ok

08:42:09.0334 2216        Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll

08:42:09.0334 2216        Pml Driver HPZ12 - ok

08:42:09.0459 2216        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

08:42:09.0474 2216        PNRPAutoReg - ok

08:42:10.0114 2216        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

08:42:10.0130 2216        PNRPsvc - ok

08:42:10.0223 2216        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

08:42:10.0254 2216        PolicyAgent - ok

08:42:10.0317 2216        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

08:42:10.0317 2216        Power - ok

08:42:10.0488 2216        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

08:42:10.0504 2216        PptpMiniport - ok

08:42:10.0535 2216        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

08:42:10.0535 2216        Processor - ok

08:42:10.0629 2216        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

08:42:10.0644 2216        ProfSvc - ok

08:42:10.0691 2216        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:42:10.0691 2216        ProtectedStorage - ok

08:42:10.0785 2216        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

08:42:10.0785 2216        Psched - ok

08:42:10.0863 2216        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

08:42:10.0910 2216        ql2300 - ok

08:42:10.0941 2216        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

08:42:10.0941 2216        ql40xx - ok

08:42:10.0972 2216        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

08:42:10.0972 2216        QWAVE - ok

08:42:10.0988 2216        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

08:42:11.0003 2216        QWAVEdrv - ok

08:42:11.0050 2216        RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll

08:42:11.0066 2216        RapiMgr - ok

08:42:11.0081 2216        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

08:42:11.0081 2216        RasAcd - ok

08:42:11.0112 2216        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

08:42:11.0112 2216        RasAgileVpn - ok

08:42:11.0128 2216        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

08:42:11.0144 2216        RasAuto - ok

08:42:11.0175 2216        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:42:11.0175 2216        Rasl2tp - ok

08:42:11.0222 2216        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

08:42:11.0237 2216        RasMan - ok

08:42:11.0253 2216        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

08:42:11.0253 2216        RasPppoe - ok

08:42:11.0268 2216        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

08:42:11.0284 2216        RasSstp - ok

08:42:11.0331 2216        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

08:42:11.0331 2216        rdbss - ok

08:42:11.0362 2216        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

08:42:11.0362 2216        rdpbus - ok

08:42:11.0393 2216        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:42:11.0409 2216        RDPCDD - ok

08:42:11.0456 2216        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

08:42:11.0456 2216        RDPDR - ok

08:42:11.0487 2216        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

08:42:11.0502 2216        RDPENCDD - ok

08:42:11.0534 2216        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

08:42:11.0534 2216        RDPREFMP - ok

08:42:11.0580 2216        RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

08:42:11.0580 2216        RDPWD - ok

08:42:11.0627 2216        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

08:42:11.0627 2216        rdyboost - ok

08:42:11.0658 2216        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

08:42:11.0674 2216        RemoteAccess - ok

08:42:11.0690 2216        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

08:42:11.0705 2216        RemoteRegistry - ok

08:42:11.0736 2216        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

08:42:11.0736 2216        RpcEptMapper - ok

08:42:11.0752 2216        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

08:42:11.0768 2216        RpcLocator - ok

08:42:11.0799 2216        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

08:42:11.0814 2216        RpcSs - ok

08:42:11.0846 2216        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

08:42:11.0846 2216        rspndr - ok

08:42:11.0877 2216        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

08:42:11.0877 2216        s3cap - ok

08:42:11.0924 2216        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:42:11.0924 2216        SamSs - ok

08:42:11.0970 2216        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

08:42:11.0970 2216        sbp2port - ok

08:42:12.0017 2216        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

08:42:12.0017 2216        SCardSvr - ok

08:42:12.0064 2216        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

08:42:12.0064 2216        scfilter - ok

08:42:12.0126 2216        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

08:42:12.0158 2216        Schedule - ok

08:42:12.0189 2216        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

08:42:12.0189 2216        SCPolicySvc - ok

08:42:12.0236 2216        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

08:42:12.0251 2216        SDRSVC - ok

08:42:12.0282 2216        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

08:42:12.0282 2216        secdrv - ok

08:42:12.0345 2216        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

08:42:12.0345 2216        seclogon - ok

08:42:12.0423 2216        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

08:42:12.0423 2216        SENS - ok

08:42:12.0485 2216        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

08:42:12.0501 2216        SensrSvc - ok

08:42:12.0610 2216        Sentinel        (82215bbed5d37b0c354f0e83fd0c8423) C:\Windows\System32\Drivers\SENTINEL64.SYS

08:42:12.0626 2216        Sentinel - ok

08:42:12.0704 2216        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

08:42:12.0704 2216        Serenum - ok

08:42:12.0735 2216        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

08:42:12.0750 2216        Serial - ok

08:42:12.0797 2216        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

08:42:12.0797 2216        sermouse - ok

08:42:12.0875 2216        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

08:42:12.0875 2216        SessionEnv - ok

08:42:12.0922 2216        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

08:42:12.0922 2216        sffdisk - ok

08:42:12.0938 2216        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

08:42:12.0938 2216        sffp_mmc - ok

08:42:12.0969 2216        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

08:42:12.0969 2216        sffp_sd - ok

08:42:13.0016 2216        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

08:42:13.0016 2216        sfloppy - ok

08:42:13.0062 2216        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

08:42:13.0062 2216        SharedAccess - ok

08:42:13.0109 2216        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

08:42:13.0125 2216        ShellHWDetection - ok

08:42:13.0156 2216        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

08:42:13.0156 2216        SiSRaid2 - ok

08:42:13.0172 2216        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

08:42:13.0187 2216        SiSRaid4 - ok

08:42:13.0203 2216        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

08:42:13.0203 2216        Smb - ok

08:42:13.0250 2216        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

08:42:13.0250 2216        SNMPTRAP - ok

08:42:13.0265 2216        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

08:42:13.0265 2216        spldr - ok

08:42:13.0296 2216        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

08:42:13.0312 2216        Spooler - ok

08:42:13.0421 2216        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

08:42:13.0562 2216        sppsvc - ok

08:42:13.0593 2216        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

08:42:13.0593 2216        sppuinotify - ok

08:42:13.0640 2216        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

08:42:13.0655 2216        srv - ok

08:42:13.0702 2216        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

08:42:13.0718 2216        srv2 - ok

08:42:13.0733 2216        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

08:42:13.0733 2216        srvnet - ok

08:42:13.0780 2216        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

08:42:13.0780 2216        SSDPSRV - ok

08:42:13.0811 2216        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

08:42:13.0811 2216        SstpSvc - ok

08:42:13.0858 2216        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

08:42:13.0858 2216        stexstor - ok

08:42:13.0936 2216        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

08:42:13.0952 2216        stisvc - ok

08:42:13.0998 2216        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

08:42:13.0998 2216        storflt - ok

08:42:14.0030 2216        StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

08:42:14.0045 2216        StorSvc - ok

08:42:14.0061 2216        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

08:42:14.0061 2216        storvsc - ok

08:42:14.0108 2216        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

08:42:14.0108 2216        swenum - ok

08:42:14.0123 2216        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

08:42:14.0139 2216        swprv - ok

08:42:14.0217 2216        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

08:42:14.0264 2216        SysMain - ok

08:42:14.0295 2216        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

08:42:14.0310 2216        TabletInputService - ok

08:42:14.0357 2216        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

08:42:14.0357 2216        TapiSrv - ok

08:42:14.0388 2216        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

08:42:14.0388 2216        TBS - ok

08:42:14.0482 2216        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

08:42:14.0529 2216        Tcpip - ok

08:42:14.0576 2216        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

08:42:14.0591 2216        TCPIP6 - ok

08:42:14.0669 2216        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

08:42:14.0685 2216        tcpipreg - ok

08:42:14.0794 2216        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

08:42:14.0794 2216        TDPIPE - ok

08:42:14.0903 2216        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

08:42:14.0903 2216        TDTCP - ok

08:42:14.0950 2216        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

08:42:14.0950 2216        tdx - ok

08:42:15.0122 2216        TeamViewer7     (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

08:42:15.0137 2216        TeamViewer7 - ok

08:42:15.0168 2216        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

08:42:15.0168 2216        TermDD - ok

08:42:15.0200 2216        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

08:42:15.0215 2216        TermService - ok

08:42:15.0246 2216        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

08:42:15.0262 2216        Themes - ok

08:42:15.0293 2216        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:42:15.0293 2216        THREADORDER - ok

08:42:15.0324 2216        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

08:42:15.0324 2216        TrkWks - ok

08:42:15.0387 2216        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

08:42:15.0387 2216        TrustedInstaller - ok

08:42:15.0434 2216        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:42:15.0434 2216        tssecsrv - ok

08:42:15.0465 2216        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

08:42:15.0480 2216        TsUsbFlt - ok

08:42:15.0543 2216        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

08:42:15.0543 2216        tunnel - ok

08:42:15.0574 2216        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

08:42:15.0574 2216        uagp35 - ok

08:42:15.0621 2216        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

08:42:15.0621 2216        udfs - ok

08:42:15.0683 2216        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

08:42:15.0683 2216        UI0Detect - ok

08:42:15.0730 2216        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

08:42:15.0746 2216        uliagpkx - ok

08:42:15.0824 2216        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

08:42:15.0824 2216        umbus - ok

08:42:15.0839 2216        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

08:42:15.0839 2216        UmPass - ok

08:42:15.0886 2216        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

08:42:15.0902 2216        UmRdpService - ok

08:42:15.0933 2216        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

08:42:15.0948 2216        upnphost - ok

08:42:15.0980 2216        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

08:42:15.0980 2216        usbccgp - ok

08:42:16.0042 2216        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

08:42:16.0042 2216        usbcir - ok

08:42:16.0073 2216        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

08:42:16.0073 2216        usbehci - ok

08:42:16.0104 2216        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

08:42:16.0120 2216        usbhub - ok

08:42:16.0136 2216        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

08:42:16.0136 2216        usbohci - ok

08:42:16.0167 2216        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

08:42:16.0167 2216        usbprint - ok

08:42:16.0182 2216        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:42:16.0182 2216        USBSTOR - ok

08:42:16.0198 2216        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

08:42:16.0198 2216        usbuhci - ok

08:42:16.0229 2216        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

08:42:16.0229 2216        UxSms - ok

08:42:16.0276 2216        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:42:16.0276 2216        VaultSvc - ok

08:42:16.0307 2216        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

08:42:16.0307 2216        vdrvroot - ok

08:42:16.0354 2216        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

08:42:16.0370 2216        vds - ok

08:42:16.0385 2216        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

08:42:16.0385 2216        vga - ok

08:42:16.0416 2216        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

08:42:16.0416 2216        VgaSave - ok

08:42:16.0463 2216        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

08:42:16.0479 2216        vhdmp - ok

08:42:16.0541 2216        VIAHdAudAddService (712bfd5dac2668fba4a2435fb06c3d00) C:\Windows\system32\drivers\viahduaa.sys

08:42:16.0572 2216        VIAHdAudAddService - ok

08:42:16.0588 2216        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

08:42:16.0588 2216        viaide - ok

08:42:16.0619 2216        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

08:42:16.0619 2216        vmbus - ok

08:42:16.0650 2216        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

08:42:16.0650 2216        VMBusHID - ok

08:42:16.0682 2216        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

08:42:16.0682 2216        volmgr - ok

08:42:16.0728 2216        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

08:42:16.0728 2216        volmgrx - ok

08:42:16.0760 2216        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

08:42:16.0760 2216        volsnap - ok

08:42:16.0822 2216        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

08:42:16.0822 2216        vsmraid - ok

08:42:16.0916 2216        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

08:42:16.0962 2216        VSS - ok

08:42:17.0009 2216        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

08:42:17.0025 2216        vwifibus - ok

08:42:17.0103 2216        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

08:42:17.0118 2216        W32Time - ok

08:42:17.0165 2216        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

08:42:17.0165 2216        WacomPen - ok

08:42:17.0212 2216        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:42:17.0212 2216        WANARP - ok

08:42:17.0228 2216        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:42:17.0228 2216        Wanarpv6 - ok

08:42:17.0306 2216        WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

08:42:17.0352 2216        WatAdminSvc - ok

08:42:17.0415 2216        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

08:42:17.0446 2216        wbengine - ok

08:42:17.0493 2216        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

08:42:17.0493 2216        WbioSrvc - ok

08:42:17.0571 2216        WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll

08:42:17.0586 2216        WcesComm - ok

08:42:17.0649 2216        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

08:42:17.0664 2216        wcncsvc - ok

08:42:17.0711 2216        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

08:42:17.0711 2216        WcsPlugInService - ok

08:42:17.0758 2216        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

08:42:17.0758 2216        Wd - ok

08:42:17.0805 2216        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

08:42:17.0820 2216        Wdf01000 - ok

08:42:17.0836 2216        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:42:17.0852 2216        WdiServiceHost - ok

08:42:17.0852 2216        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:42:17.0852 2216        WdiSystemHost - ok

08:42:17.0883 2216        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

08:42:17.0898 2216        WebClient - ok

08:42:17.0914 2216        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

08:42:17.0914 2216        Wecsvc - ok

08:42:17.0930 2216        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

08:42:17.0930 2216        wercplsupport - ok

08:42:17.0961 2216        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

08:42:17.0961 2216        WerSvc - ok

08:42:17.0992 2216        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

08:42:17.0992 2216        WfpLwf - ok

08:42:18.0008 2216        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

08:42:18.0008 2216        WIMMount - ok

08:42:18.0039 2216        WinDefend - ok

08:42:18.0039 2216        WinHttpAutoProxySvc - ok

08:42:18.0101 2216        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

08:42:18.0101 2216        Winmgmt - ok

08:42:18.0195 2216        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

08:42:18.0257 2216        WinRM - ok

08:42:18.0320 2216        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

08:42:18.0320 2216        WinUsb - ok

08:42:18.0366 2216        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

08:42:18.0382 2216        Wlansvc - ok

08:42:18.0398 2216        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

08:42:18.0398 2216        WmiAcpi - ok

08:42:18.0429 2216        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

08:42:18.0429 2216        wmiApSrv - ok

08:42:18.0444 2216        WMPNetworkSvc - ok

08:42:18.0460 2216        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

08:42:18.0460 2216        WPCSvc - ok

08:42:18.0491 2216        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

08:42:18.0491 2216        WPDBusEnum - ok

08:42:18.0522 2216        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

08:42:18.0522 2216        ws2ifsl - ok

08:42:18.0554 2216        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

08:42:18.0554 2216        wscsvc - ok

08:42:18.0554 2216        WSearch - ok

08:42:18.0663 2216        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

08:42:18.0741 2216        wuauserv - ok

08:42:18.0788 2216        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

08:42:18.0788 2216        WudfPf - ok

08:42:18.0834 2216        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:42:18.0850 2216        WUDFRd - ok

08:42:18.0881 2216        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

08:42:18.0897 2216        wudfsvc - ok

08:42:18.0912 2216        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

08:42:18.0928 2216        WwanSvc - ok

08:42:18.0959 2216        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

08:42:19.0022 2216        \Device\Harddisk0\DR0 - ok

08:42:19.0022 2216        Boot (0x1200)   (8a713ee86a43fb092eb60ce33a4a9ddf) \Device\Harddisk0\DR0\Partition0

08:42:19.0022 2216        \Device\Harddisk0\DR0\Partition0 - ok

08:42:19.0053 2216        Boot (0x1200)   (9a20039cf97ccc181d4a533b86febf2a) \Device\Harddisk0\DR0\Partition1

08:42:19.0053 2216        \Device\Harddisk0\DR0\Partition1 - ok

08:42:19.0068 2216        Boot (0x1200)   (08c8b3930521880ea1a1656cd11b530a) \Device\Harddisk0\DR0\Partition2

08:42:19.0068 2216        \Device\Harddisk0\DR0\Partition2 - ok

08:42:19.0068 2216        ============================================================

08:42:19.0068 2216        Scan finished

08:42:19.0068 2216        ============================================================

08:42:19.0084 3156        Detected object count: 0

08:42:19.0084 3156        Actual detected object count: 0

Grüße

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hi,

und hier das log:

[code]

Combofix Logfile:

Code:

ComboFix 12-03-27.02 - PC 27.03.2012  15:57:37.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3838.2566 [GMT 2:00]

ausgeführt von:: c:\users\PC\Desktop\TrojanerSuche\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\SysWow64\regobj.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))

.

.

2012-03-27 14:02 . 2012-03-27 14:02        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-03-22 15:31 . 2012-03-22 15:31        --------        d-----w-        C:\_OTL

2012-03-21 17:29 . 2012-03-21 17:29        --------        d-----w-        c:\program files (x86)\TeamViewer

2012-03-21 16:24 . 2012-03-21 16:24        --------        d-----w-        c:\program files (x86)\ESET

2012-03-19 15:01 . 2012-03-19 15:01        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-19 15:01 . 2012-03-19 15:01        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-19 12:19 . 2012-03-19 12:19        --------        d-----w-        c:\users\PC\AppData\Roaming\Malwarebytes

2012-03-19 12:19 . 2012-03-19 12:19        --------        d-----w-        c:\programdata\Malwarebytes

2012-03-19 11:21 . 2012-03-19 13:14        --------        d-----w-        c:\programdata\boost_interprocess

2012-03-19 11:18 . 2012-03-21 16:19        --------        d-----w-        c:\programdata\IBUpdaterService

2012-03-19 11:18 . 2012-03-19 11:21        --------        d-----w-        c:\program files (x86)\SpecialSavings

2012-03-15 08:37 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-03-15 08:37 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-03-15 08:37 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-03-15 08:34 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys

2012-03-15 08:34 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll

2012-03-15 08:34 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll

2012-03-15 08:33 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-03-15 08:33 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-03-15 08:33 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-03-15 08:33 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll

2012-03-15 08:33 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll

2012-03-15 08:33 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-03-15 08:33 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

2012-03-09 13:45 . 2012-03-09 13:45        --------        d-----w-        c:\windows\SysWow64\Wat

2012-03-09 13:45 . 2012-03-09 13:45        --------        d-----w-        c:\windows\system32\Wat

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-09 08:55 . 2011-05-19 08:12        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-15 09:05 . 2011-10-18 09:28        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-01-04 10:44 . 2012-02-16 09:11        509952        ----a-w-        c:\windows\system32\ntshrui.dll

2012-01-04 09:25 . 2012-01-04 09:25        19277133        ----a-w-        c:\users\PC\audacity-win-unicode-1.3.14.exe

2012-01-04 08:58 . 2012-02-16 09:11        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll

2011-12-30 06:26 . 2012-02-16 09:11        515584        ----a-w-        c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-16 09:11        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-12-16 220744]

.

c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-17 113664]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-27 1207312]

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 136176]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 136176]

R3 Mskidrhcach;Mskidrhcach; [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~2\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 13:34]

.

2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 13:34]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = 

IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\3mbxs9if.default\

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: browser.startup.homepage - www.google.de

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-BImSchG-Antragstellungsprogramm - c:\windows\system32\javaws.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\progra~2\ESRI\License\arcgis9x\ARCGIS.exe

c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe

c:\program files (x86)\TeamViewer\Version7\tv_w32.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-03-27  16:13:34 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-03-27 14:13

.

Vor Suchlauf: 15 Verzeichnis(se), 209.670.729.728 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 209.126.182.912 Bytes frei

.

- - End Of File - - 63E8497A9F0630314A2F566D9C81722D

--- --- ---

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

und hier das nächste;)

Code:


 

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-03-28 08:37:39

-----------------------------

08:37:39.560    OS Version: Windows x64 6.1.7601 Service Pack 1

08:37:39.560    Number of processors: 4 586 0x503

08:37:39.560    ComputerName: PC-PC  UserName: PC

08:37:40.245    Initialize success

08:40:09.369    AVAST engine defs: 12032702

08:42:14.249    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

08:42:14.264    Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3

08:42:14.280    Disk 0 MBR read successfully

08:42:14.280    Disk 0 MBR scan

08:42:14.295    Disk 0 Windows 7 default MBR code

08:42:14.295    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

08:42:14.311    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       253286 MB offset 206848

08:42:14.327    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       223551 MB offset 518936576

08:42:14.373    Disk 0 scanning C:\Windows\system32\drivers

08:42:24.155    Service scanning

08:42:45.636    Modules scanning

08:42:45.651    Disk 0 trace - called modules:

08:42:45.683    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 

08:42:46.197    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046b2060]

08:42:46.197    3 CLASSPNP.SYS[fffff8800197e43f] -> nt!IofCallDriver -> [0xfffffa80045d79b0]

08:42:46.213    5 ACPI.sys[fffff88000fa37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80046aa060]

08:42:47.087    AVAST engine scan C:\Windows

08:42:49.583    AVAST engine scan C:\Windows\system32

08:45:47.407    AVAST engine scan C:\Windows\system32\drivers

08:45:58.873    AVAST engine scan C:\Users\PC

08:46:14.567    File: C:\Users\PC\AppData\Local\Temp\_av4_\data\aswar0.dll  **INFECTED** Win32:Malware-gen

08:46:14.707    File: C:\Users\PC\AppData\Local\Temp\_av4_\data\updldr0.bin  **INFECTED** Win32:Malware-gen

08:47:36.639    AVAST engine scan C:\ProgramData

08:48:13.720    Scan finished successfully

08:51:09.532    Disk 0 MBR has been saved successfully to "C:\Users\PC\Desktop\TrojanerSuche\MBR.dat"

08:51:09.548    The log file has been saved successfully to "C:\Users\PC\Desktop\TrojanerSuche\aswMBR.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

und hier der Rest;)

Code:



Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.28.03
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

PC :: PC-PC [Administrator]
 

Schutz: Deaktiviert
 

28.03.2012 15:25:34

mbam-log-2012-03-28 (15-25-34).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 339875

Laufzeit: 47 Minute(n), 45 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 03/28/2012 at 05:52 PM
 

Application Version : 5.0.1146
 

Core Rules Database Version : 8389

Trace Rules Database Version: 6201
 

Scan type       : Complete Scan

Total Scan Time : 01:13:47
 

Operating System Information

Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Memory items scanned      : 682

Memory threats detected   : 0

Registry items scanned    : 74455

Registry threats detected : 0

File items scanned        : 139460

File threats detected     : 395
 

Adware.Tracking Cookie

        C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\pc@adx.chip[1].txt [ /adx.chip ]

        C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\ECL6YIQB.txt [ /smartadserver.com ]

        C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\ACV2W7RI.txt [ /doubleclick.net ]

        C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\3Y0W462X.txt [ /atdmt.com ]

        C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\I58Z8SI4.txt [ /dyntracker.com ]

        C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\8XRLNJ10.txt [ /mediaplex.com ]

        C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\2RH622E3.txt [ /www.zanox-affiliate.de ]

        C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\LNCPMI8B.txt [ /zanox-affiliate.de ]

        C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\HQ6TL7DG.txt [ /ads.creative-serving.com ]

        C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\XDB74HKZ.txt [ /fastclick.net ]

        C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies\JY50J8PP.txt [ /apmebf.com ]

        C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\JJ9CAI3T.txt [ Cookie:pc@clkads.com/adServe/banners/ ]

        C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\APKZ2VW3.txt [ Cookie:pc@clkads.com/adServe/banners ]

        C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\1BEQO6K1.txt [ Cookie:pc@doubleclick.net/ ]

        C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\pc@ad.yieldmanager[2].txt [ Cookie:pc@ad.yieldmanager.com/ ]

        C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\PM5001SF.txt [ Cookie:pc@invitemedia.com/ ]

        C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\YIN17CMI.txt [ Cookie:pc@revsci.net/ ]

        C:\USERS\PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\pc@fastclick[1].txt [ Cookie:pc@fastclick.net/ ]

        C:\USERS\PC\Cookies\ACV2W7RI.txt [ Cookie:pc@doubleclick.net/ ]

        C:\USERS\PC\Cookies\I58Z8SI4.txt [ Cookie:pc@dyntracker.com/ ]

        C:\USERS\PC\Cookies\8XRLNJ10.txt [ Cookie:pc@mediaplex.com/ ]

        C:\USERS\PC\Cookies\LNCPMI8B.txt [ Cookie:pc@zanox-affiliate.de/ ]

        C:\USERS\PC\Cookies\JJ9CAI3T.txt [ Cookie:pc@clkads.com/adServe/banners/ ]

        C:\USERS\PC\Cookies\APKZ2VW3.txt [ Cookie:pc@clkads.com/adServe/banners ]

        C:\USERS\PC\Cookies\XDB74HKZ.txt [ Cookie:pc@fastclick.net/ ]

        www.mediamarkt.de [ C:\USERS\PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .doubleclick.net [ C:\USERS\PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PC@INTERCLICK[1].TXT [ /INTERCLICK ]

        .apmebf.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adviva.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        in.getclicky.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        zbox.zanox.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .ru4.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .deutschepostag.112.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tto2.traffictrack.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        adserv.quality-channel.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        adserv.quality-channel.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adserv.quality-channel.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .lucidmedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adserver.gs [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.slidefinder.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.slidefinder.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .slidefinder.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .slidefinder.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.slidefinder.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .secmedia.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .guj.122.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .franklintempleton.122.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .dkvag.112.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .e-2dj6wfkioocjckp.stats.esomniture.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .e-2dj6wflysic5gkp.stats.esomniture.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .legolas-media.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .legolas-media.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .bizrate.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .vodafonegroup.122.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .e-2dj6wfk4skazibp.stats.esomniture.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adxpose.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .ads.quartermedia.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .agrifinder.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .agrifinder.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        adserver.euronics.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        adserver.freelancermap.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .liveperson.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        track.webtrekk.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        track.webtrekk.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tns-counter.ru [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .amazon-adsystem.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .amazon-adsystem.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tracking.3gnet.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        tracking.klicktel.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .liveperson.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .overture.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .lfstmedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .lfstmedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .lfstmedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .ww251.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .eyewonder.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        banner.testberichte.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .questionmarket.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .questionmarket.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        studivz.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .eyewonder.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .ad-emea.doubleclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.zanox-affiliate.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        tradefx.advertserve.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .openstat.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .spylog.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .pro-market.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .pro-market.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .interclick.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .interclick.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .112.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.adserver01.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .yadro.ru [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.mediamarkt.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .mediacityberlin.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .mediacityberlin.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        edates.traffective-tracking.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        edates.traffective-tracking.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        edates.traffective-tracking.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adviva.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .at.atwola.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tribalfusion.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        fr.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        fr.sitestat.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        media.gan-online.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .dyntracker.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .safaribooks.112.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .nikonjp.112.2o7.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .stats4free.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .stats4free.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .bs.serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        eas4.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        eas4.emediate.eu [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ww251.smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.zanox-affiliate.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad1.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .yieldmanager.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .ru4.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .kontera.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        server.adform.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        server.adform.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adform.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        tracking.klicktel.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .zanox-affiliate.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .statcounter.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .advertising.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .advertising.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad3.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad4.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        ad2.adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        a.visualrevenue.com [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]

        adx.chip.de [ C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBXS9IF.DEFAULT\COOKIES.SQLITE ]