Trojaner-Board - "Aus Sicherheitsgründen wurde Ihr Windowssystem gesperrt..."

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - "Aus Sicherheitsgründen wurde Ihr Windowssystem gesperrt..." (https://www.trojaner-board.de/111966-sicherheitsgruenden-wurde-windowssystem-gesperrt.html)

"Aus Sicherheitsgründen wurde Ihr Windowssystem gesperrt..."

Hey !

Ich habe ein Problem! Gestern erschien auf einmal ein Fenster im Bildschirm, das mich aufforderte, Geld zu zahlen weil mein System angeblich gesperrt wurde.
Ich habe auch schon in anderen Threads von diesem Virus gelesen aber da man ja individuelle Hilfe braucht und ich auch keine Ahnung von der ganzen Sache habe, dachte ich ich frag hier jetzt nochmal nach.
Systemwiederherstellung funktioniert nicht, Avira macht gerade eine Systemüberprüfung und hat vorhin auch noch 3 Viren gefunden, diese habe ich zuerst in die Quarantäne verschoben und dann gelöscht. Seit ca. 10 min bin ich nun wieder online und die Meldung kam noch nicht wieder-aber ich schätze, der Virus ist schon noch da oder ? Ich habe Windows 7 und ähm, ich glaube ein 32bit System... :)

Wäre toll, wenn ihr mir helft ! Danke schonmal.
Lg, Sobbel

Avira hat folgendes gefunden: (heute)
-Die Datei 'C:\Users\******\AppData\Local\Skype\SkypePM.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.EJ.113' [trojan].
-In der Datei 'C:\Users\******\AppData\Local\Skype\SkypePM.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.EJ.113' [trojan] gefunden.

und gestern :
-In der Datei 'C:\Users\******\AppData\Local\Temp\0.14002591814549004h7i.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.

Edit: da hab ich zu schnell gepostet :(

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Okay, also mein System wird gerade von dem Malewarebites-Programm gescannt. Dauert vermutlich noch ein bisschen und dannach scanne ich es mit dem ESET-online scanner und poste die Logfiles hier auch gleich.

Um 18:52 hat Avira noch nen Haufen anderer gruseliger Malewares gefunden, die schreib ich hier mal rein, vllt is das ja wichtig...
in 17 verschiedenen Ordnern oder Dateien wurde jeweils "TR/Ransom.EJ.113' [trojan]" <- das da gefunden. Wenn das in Quarantäne ist, soll ich es dann löschen oder in der Quarantäne lassen ? Oh und ähm, ich habe vorhin auch mal mein System mit diesem OTL-Programm gescannt, soll ich die Logfiles (oder was auch immer das ist) hier auch posten ?

Vielen Dank schonmal deine Hilfe ! Ohne das Forum hier wäre ich echt aufgeschmissen ! lg :)

Also, mein System wurde jetzt mit Malewarebytes und dem ESET-Online Scanner gescannt und das hier kam dabei raus:

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.20.06
 

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Sophie :: SOPHIE-PC [Administrator]
 

20.03.2012 18:53:49

mbam-log-2012-03-20 (18-53-49).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 456471

Laufzeit: 2 Stunde(n), 8 Minute(n), 38 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 4

C:\Program Files\System32 (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist\MS (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist\MS\System (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 10

C:\Program Files\System32\hpdd_reg.bat (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist\MS\System\asycfilt.dll (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist\MS\System\comcat.dll (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist\MS\System\mfc42.dll (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist\MS\System\msvcirt.dll (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist\MS\System\msvcp60.dll (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist\MS\System\msvcrt.dll (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist\MS\System\oleaut32.dll (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist\MS\System\olepro32.dll (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\System32\Redist\MS\System\stdole2.tlb (Backdoor.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

und :

Code:

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internet# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=af6321a27e2fd54c8ec802946fdb3c94

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-21 12:10:59

# local_time=2012-03-21 01:10:59 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=1797 16775165 100 94 107373 68814123 11902 0

# compatibility_mode=5893 16776573 100 94 33643631 84716045 0 0

# compatibility_mode=8192 67108863 100 0 14603 14603 0 0

# scanned=288406

# found=2

# cleaned=0

# scan_time=54557

C:\Users\Sophie\Downloads\SoftonicDownloader_fuer_photo-collage.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Sophie\Downloads\SoftonicDownloader_fuer_wondershare-photo-collage-studio.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Ähm nein, ich habe Malwarebytes gestern erst heruntergeladen und dann diesen einen Scan gemacht. Was ist ein Reiter ?
Also wenn ich auf den Ordner Malwarebytes' Anti-Malware in meinen Programmen gehe, gibt es da keine anderen Logdateien, falls du das meinst.

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL Logfile:

Code:

OTL logfile created on: 22.03.2012 13:03:07 - Run 2

OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Sophie\Downloads

 Professional  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,69% Memory free

6,00 Gb Paging File | 4,84 Gb Available in Paging File | 80,66% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455,48 Gb Total Space | 129,67 Gb Free Space | 28,47% Space Free | Partition Type: NTFS

Drive R: | 10,28 Gb Total Space | 5,32 Gb Free Space | 51,70% Space Free | Partition Type: NTFS

 

Computer Name: SOPHIE-PC | User Name: Sophie | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Sophie\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\Logitech\Vid\Vid.exe (Logitech Inc.)

PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Programme\Common Files\LogiShrd\SharedBin\LvApi11.dll ()

MOD - C:\Programme\Logitech\Vid\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Programme\Logitech\Vid\plugins\imageformats\qico4.dll ()

MOD - C:\Programme\Logitech\Vid\plugins\imageformats\qgif4.dll ()

MOD - C:\Programme\Logitech\Vid\SDL.dll ()

MOD - C:\Programme\Logitech\Vid\qtxml4.dll ()

MOD - C:\Programme\Logitech\Vid\QtWebKit4.dll ()

MOD - C:\Programme\Logitech\Vid\qtsql4.dll ()

MOD - C:\Programme\Logitech\Vid\QtOpenGL4.dll ()

MOD - C:\Programme\Logitech\Vid\QtNetwork4.dll ()

MOD - C:\Programme\Logitech\Vid\QtGui4.dll ()

MOD - C:\Programme\Logitech\Vid\QtCore4.dll ()

MOD - C:\Programme\Logitech\Vid\phonon4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QtNetwork4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (sppuinotify) -- %SystemRoot%\system32\sppuinotify.dll File not found

SRV - (sppsvc) -- C:\Windows\system32\sppsvc.exe File not found

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (LVPrcSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)

DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)

DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 7C 44 66 7E 18 CC 01  [binary data]

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "google.de"

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: searchpredict@speedbit.com:1.0.1.0

FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.31 18:59:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.31 18:59:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2011.03.23 20:39:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2011.03.23 20:39:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.08 19:17:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.24 15:10:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.25 22:55:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.01.24 15:10:48 | 000,000,000 | ---D | M]

 

[2011.01.09 01:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sophie\AppData\Roaming\mozilla\Extensions

[2011.01.09 01:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sophie\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.03.22 12:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sophie\AppData\Roaming\mozilla\Firefox\Profiles\jppsct5r.default\extensions

[2012.03.22 12:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sophie\AppData\Roaming\mozilla\Firefox\Profiles\jppsct5r.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}

[2012.01.17 21:47:43 | 000,000,933 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\11-suche.xml

[2012.01.17 21:47:43 | 000,002,419 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\englische-ergebnisse.xml

[2012.01.17 21:47:43 | 000,010,525 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\gmx-suche.xml

[2012.01.17 21:47:43 | 000,002,457 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\lastminute.xml

[2012.01.17 21:47:43 | 000,005,508 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\webde-suche.xml

[2011.11.30 15:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.01.09 02:02:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011.03.23 20:39:07 | 000,000,000 | ---D | M] (SearchPredict) -- C:\PROGRAM FILES\SEARCHPREDICT\PRFIREFOX

[2011.03.23 20:39:10 | 000,000,000 | ---D | M] (SpeedBit Video Downloader) -- C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\SPFIREFOX

() (No name found) -- C:\USERS\SOPHIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JPPSCT5R.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI

[2012.03.08 19:17:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.03.06 13:48:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.06 13:48:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.06 13:48:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.06 13:48:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.06 13:48:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.06 13:48:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sophie\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Sophie\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sophie\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Angry Birds = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: DivX HiQ = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\

CHR - Extension: DivX HiQ = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_1\

CHR - Extension: Picnik = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\

CHR - Extension: Google \u00DCbersetzer f\u00FCr Google+ = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfppgkomfopklagggkjiaddgndkgopgl\1.1_0\

CHR - Extension: Grass = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_1\

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Programme\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Programme\SearchPredict\SearchPredict.dll (Speedbit Ltd.)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programme\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)

O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Programme\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()

O3 - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Programme\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKU\S-1-5-21-3419469167-732743675-4181630984-1000..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)

O4 - HKU\S-1-5-21-3419469167-732743675-4181630984-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-3419469167-732743675-4181630984-1000..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AF95520-EFC7-4C7C-8472-F7EBDB31ECF7}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\Shell - "" = AutoRun

O33 - MountPoints2\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\Shell\AutoRun\command - "" = J:\pushinst.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.20 18:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.03.20 18:52:25 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Malwarebytes

[2012.03.20 18:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.03.20 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.03.20 18:52:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.03.20 18:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.03.20 18:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.03.20 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2012.03.13 11:43:16 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{AC393709-CDD4-4D67-B5B6-328CB74B7B13}

[2012.03.13 11:31:12 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\FB

[2012.03.11 16:11:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\Party in Wernau

[2011.01.09 17:18:20 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe

[2011.01.09 17:18:18 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

[2011.01.09 17:18:17 | 001,150,976 | ---- | C] (Hewlet-Packard) -- C:\Program Files\hpbtpg.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.22 13:02:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3419469167-732743675-4181630984-1000UA.job

[2012.03.22 13:02:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3419469167-732743675-4181630984-1000Core.job

[2012.03.22 12:51:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.22 12:51:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.22 12:42:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.22 12:42:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs

[2012.03.22 12:42:42 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.20 18:56:53 | 000,080,908 | ---- | M] () -- C:\Users\Sophie\Desktop\eset 2.JPG

[2012.03.20 18:56:21 | 000,144,569 | ---- | M] () -- C:\Users\Sophie\Desktop\eset dingens.JPG

[2012.03.20 18:52:07 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.20 18:47:06 | 000,000,000 | ---- | M] () -- C:\Users\Sophie\defogger_reenable

[2012.03.20 18:25:21 | 000,001,091 | ---- | M] () -- C:\Users\Sophie\Desktop\OTL - Verknüpfung.lnk

[2012.03.13 12:03:22 | 000,002,407 | ---- | M] () -- C:\Users\Sophie\Desktop\Google Chrome.lnk

[2012.03.08 21:10:44 | 000,400,954 | ---- | M] () -- C:\Users\Sophie\Desktop\EK A1 Abi 2011.pdf

[2012.03.08 20:02:37 | 000,103,227 | ---- | M] () -- C:\Users\Sophie\Desktop\Deutsch abi 2011 !!.pdf

[2012.03.08 19:56:55 | 000,514,296 | ---- | M] () -- C:\Users\Sophie\Desktop\Geo abi zusammenfassung.pdf

[2012.03.04 11:41:33 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.03.04 11:41:33 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.03.04 11:41:33 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.03.04 11:41:33 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.03.02 20:40:44 | 000,019,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.02 20:40:44 | 000,019,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

 
 ========== Files Created - No Company Name ==========

 

[2012.03.20 18:56:53 | 000,080,908 | ---- | C] () -- C:\Users\Sophie\Desktop\eset 2.JPG

[2012.03.20 18:56:21 | 000,144,569 | ---- | C] () -- C:\Users\Sophie\Desktop\eset dingens.JPG

[2012.03.20 18:52:07 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.20 18:47:06 | 000,000,000 | ---- | C] () -- C:\Users\Sophie\defogger_reenable

[2012.03.20 18:25:21 | 000,001,091 | ---- | C] () -- C:\Users\Sophie\Desktop\OTL - Verknüpfung.lnk

[2012.03.08 21:10:44 | 000,400,954 | ---- | C] () -- C:\Users\Sophie\Desktop\EK A1 Abi 2011.pdf

[2012.03.08 20:02:36 | 000,103,227 | ---- | C] () -- C:\Users\Sophie\Desktop\Deutsch abi 2011 !!.pdf

[2012.03.08 19:57:34 | 001,227,867 | ---- | C] () -- C:\Users\Sophie\Desktop\Abitur Zusammenfassung Erdkunde markiert.pdf

[2012.03.08 19:56:55 | 000,514,296 | ---- | C] () -- C:\Users\Sophie\Desktop\Geo abi zusammenfassung.pdf

[2011.04.28 16:21:30 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLGFILE14N.INI

[2011.01.10 18:28:32 | 000,000,158 | ---- | C] () -- C:\Windows\WLP.ini

[2011.01.09 17:18:50 | 000,000,369 | ---- | C] () -- C:\Program Files\response.ini

[2011.01.09 17:18:50 | 000,000,050 | ---- | C] () -- C:\Program Files\install.bat

[2011.01.09 17:18:50 | 000,000,039 | ---- | C] () -- C:\Program Files\uninstall.bat

[2011.01.09 17:18:49 | 000,146,291 | ---- | C] () -- C:\Program Files\cu_readme.rtf

[2011.01.09 17:18:49 | 000,091,648 | ---- | C] () -- C:\Program Files\1031.mst

[2011.01.09 17:18:49 | 000,004,667 | ---- | C] () -- C:\Program Files\0x0407.ini

[2011.01.09 17:18:21 | 000,001,390 | ---- | C] () -- C:\Program Files\Setup.ini

[2011.01.09 17:18:17 | 001,043,550 | ---- | C] () -- C:\Program Files\setup.exe

[2011.01.09 17:17:17 | 003,198,026 | ---- | C] () -- C:\Program Files\fonts.cab

[2011.01.09 17:17:06 | 008,873,215 | ---- | C] () -- C:\Program Files\drv9x.cab

[2011.01.09 17:17:05 | 000,750,805 | ---- | C] () -- C:\Program Files\all98.cab

[2011.01.09 17:17:02 | 021,863,770 | ---- | C] () -- C:\Program Files\TOOLBO~1.cab

[2011.01.09 17:16:56 | 010,990,268 | ---- | C] () -- C:\Program Files\hp LaserJet 1010 Series.msi

[2011.01.09 16:59:48 | 000,006,649 | ---- | C] () -- C:\Windows\hplj1010.ini

[2011.01.09 02:05:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.01.09 01:31:04 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin

[2011.01.09 01:30:08 | 019,657,194 | ---- | C] () -- C:\Program Files\vlc-1.1.4-win32.exe

[2010.05.14 22:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll

[2010.05.14 22:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe

[2010.05.14 22:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll

[2010.05.14 22:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2010.05.07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

 
 ========== LOP Check ==========

 

[2012.03.22 12:50:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\ICQ

[2011.01.29 12:34:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Leadertech

[2011.01.31 18:59:10 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Local

[2011.01.09 22:56:28 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\OpenOffice.org

[2011.02.07 17:31:21 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\PhotoScape

[2011.04.28 16:48:11 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\proDAD

[2011.01.09 01:55:05 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Thunderbird

[2011.12.09 18:17:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.01.09 02:09:05 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Adobe

[2011.12.27 00:56:14 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Apple Computer

[2011.03.16 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Avira

[2011.04.18 22:46:59 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\DivX

[2012.03.22 12:50:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\ICQ

[2011.01.09 01:26:08 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Identities

[2011.01.29 12:34:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Leadertech

[2011.01.31 18:59:10 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Local

[2011.01.09 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Macromedia

[2012.03.20 18:52:25 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Malwarebytes

[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Media Center Programs

[2012.01.02 14:03:59 | 000,000,000 | --SD | M] -- C:\Users\Sophie\AppData\Roaming\Microsoft

[2011.01.09 01:37:08 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Mozilla

[2011.01.09 22:56:28 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\OpenOffice.org

[2011.02.07 17:31:21 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\PhotoScape

[2011.04.28 16:48:11 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\proDAD

[2012.01.09 22:28:01 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Skype

[2012.01.09 16:06:03 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\skypePM

[2011.01.09 01:55:05 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Thunderbird

[2011.08.10 12:09:50 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\vlc

[2011.02.20 21:04:26 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.01.29 12:34:03 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Sophie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\drivers\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\System32\netlogon.dll

[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\System32\scecli.dll

[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\System32\user32.dll

[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

 
 <           >
 

< End of report >

--- --- ---

Zitat:

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

Gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!

Den hab ich vor urzeiten mal runtergeladen aber eigentlich nie genutzt den Player... Ist der Virus denn jetzt weg oder was soll ich noch machen ?!

Das war ein Hinweis weil DivX von den allermeisten für diesen Mist benutzt wird!
Also beherzige den Hinweis bitte und was du nicht nutzt sollte wieder vom Rechner deinstalliert werden. Mach das und danach ein neues OTL-Log

so, ich hab jetzt den DivX player und noch ein paar andere Programme, die ich nicht nutze deinstalliert und nochmal einen Scan mit OTL gemacht :)

OTL Logfile:

Code:

OTL logfile created on: 25.03.2012 16:39:06 - Run 3

OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Sophie\Downloads

 Professional  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,25% Memory free

6,00 Gb Paging File | 4,74 Gb Available in Paging File | 78,97% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455,48 Gb Total Space | 129,77 Gb Free Space | 28,49% Space Free | Partition Type: NTFS

Drive R: | 10,28 Gb Total Space | 5,32 Gb Free Space | 51,70% Space Free | Partition Type: NTFS

 

Computer Name: SOPHIE-PC | User Name: Sophie | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Sophie\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\Logitech\Vid\Vid.exe (Logitech Inc.)

PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Programme\Common Files\LogiShrd\SharedBin\LvApi11.dll ()

MOD - C:\Programme\Logitech\Vid\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Programme\Logitech\Vid\plugins\imageformats\qico4.dll ()

MOD - C:\Programme\Logitech\Vid\plugins\imageformats\qgif4.dll ()

MOD - C:\Programme\Logitech\Vid\SDL.dll ()

MOD - C:\Programme\Logitech\Vid\qtxml4.dll ()

MOD - C:\Programme\Logitech\Vid\QtWebKit4.dll ()

MOD - C:\Programme\Logitech\Vid\qtsql4.dll ()

MOD - C:\Programme\Logitech\Vid\QtOpenGL4.dll ()

MOD - C:\Programme\Logitech\Vid\QtNetwork4.dll ()

MOD - C:\Programme\Logitech\Vid\QtGui4.dll ()

MOD - C:\Programme\Logitech\Vid\QtCore4.dll ()

MOD - C:\Programme\Logitech\Vid\phonon4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QtNetwork4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (sppuinotify) -- %SystemRoot%\system32\sppuinotify.dll File not found

SRV - (sppsvc) -- C:\Windows\system32\sppsvc.exe File not found

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (LVPrcSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)

DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)

DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 7C 44 66 7E 18 CC 01  [binary data]

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "google.de"

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: searchpredict@speedbit.com:1.0.1.0

FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.31 19:59:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.31 19:59:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.08 20:17:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.24 16:10:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.25 23:55:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.01.24 16:10:48 | 000,000,000 | ---D | M]

 

[2011.01.09 02:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sophie\AppData\Roaming\mozilla\Extensions

[2011.01.09 02:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sophie\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.03.25 16:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sophie\AppData\Roaming\mozilla\Firefox\Profiles\jppsct5r.default\extensions

[2012.03.25 16:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sophie\AppData\Roaming\mozilla\Firefox\Profiles\jppsct5r.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}

[2012.01.17 22:47:43 | 000,000,933 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\11-suche.xml

[2012.01.17 22:47:43 | 000,002,419 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\englische-ergebnisse.xml

[2012.01.17 22:47:43 | 000,010,525 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\gmx-suche.xml

[2012.01.17 22:47:43 | 000,002,457 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\lastminute.xml

[2012.01.17 22:47:43 | 000,005,508 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\webde-suche.xml

[2011.11.30 16:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.01.09 03:02:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

File not found (No name found) -- C:\PROGRAM FILES\SEARCHPREDICT\PRFIREFOX

File not found (No name found) -- C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\SPFIREFOX

() (No name found) -- C:\USERS\SOPHIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JPPSCT5R.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI

[2012.03.08 20:17:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.03.06 14:48:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.06 14:48:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.06 14:48:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.06 14:48:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.06 14:48:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.06 14:48:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sophie\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Sophie\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sophie\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Angry Birds = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: DivX HiQ = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\

CHR - Extension: DivX HiQ = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_1\

CHR - Extension: Picnik = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\

CHR - Extension: Google \u00DCbersetzer f\u00FCr Google+ = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfppgkomfopklagggkjiaddgndkgopgl\1.1_0\

CHR - Extension: Grass = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_1\

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKU\S-1-5-21-3419469167-732743675-4181630984-1000..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)

O4 - HKU\S-1-5-21-3419469167-732743675-4181630984-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-3419469167-732743675-4181630984-1000..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AF95520-EFC7-4C7C-8472-F7EBDB31ECF7}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\Shell - "" = AutoRun

O33 - MountPoints2\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\Shell\AutoRun\command - "" = J:\pushinst.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.25 16:36:14 | 000,776,648 | ---- | C] (proDAD GmbH) -- C:\uninstall.exe

[2012.03.24 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012.03.24 14:33:37 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2012.03.20 19:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.03.20 19:52:25 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Malwarebytes

[2012.03.20 19:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.03.20 19:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.03.20 19:52:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.03.20 19:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.03.20 19:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.03.20 19:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2012.03.13 12:43:16 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{AC393709-CDD4-4D67-B5B6-328CB74B7B13}

[2012.03.13 12:31:12 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\FB

[2012.03.11 17:11:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\Party in Wernau

[2011.01.09 18:18:20 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe

[2011.01.09 18:18:18 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

[2011.01.09 18:18:17 | 001,150,976 | ---- | C] (Hewlet-Packard) -- C:\Program Files\hpbtpg.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.25 16:29:53 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.03.25 16:29:53 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.03.25 16:29:53 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.03.25 16:29:53 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.03.25 16:24:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.25 16:23:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.25 16:23:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs

[2012.03.25 16:23:25 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.24 14:33:38 | 000,001,224 | ---- | M] () -- C:\Users\Sophie\Desktop\Revo Uninstaller.lnk

[2012.03.24 14:08:12 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3419469167-732743675-4181630984-1000UA.job

[2012.03.24 14:08:12 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3419469167-732743675-4181630984-1000Core.job

[2012.03.24 13:51:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.24 13:06:03 | 000,002,407 | ---- | M] () -- C:\Users\Sophie\Desktop\Google Chrome.lnk

[2012.03.20 19:56:53 | 000,080,908 | ---- | M] () -- C:\Users\Sophie\Desktop\eset 2.JPG

[2012.03.20 19:56:21 | 000,144,569 | ---- | M] () -- C:\Users\Sophie\Desktop\eset dingens.JPG

[2012.03.20 19:52:07 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.20 19:47:06 | 000,000,000 | ---- | M] () -- C:\Users\Sophie\defogger_reenable

[2012.03.20 19:25:21 | 000,001,091 | ---- | M] () -- C:\Users\Sophie\Desktop\OTL - Verknüpfung.lnk

[2012.03.08 22:10:44 | 000,400,954 | ---- | M] () -- C:\Users\Sophie\Desktop\EK A1 Abi 2011.pdf

[2012.03.08 21:02:37 | 000,103,227 | ---- | M] () -- C:\Users\Sophie\Desktop\Deutsch abi 2011 !!.pdf

[2012.03.08 20:56:55 | 000,514,296 | ---- | M] () -- C:\Users\Sophie\Desktop\Geo abi zusammenfassung.pdf

[2012.03.02 21:40:44 | 000,019,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.02 21:40:44 | 000,019,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

 
 ========== Files Created - No Company Name ==========

 

[2012.03.24 14:33:38 | 000,001,224 | ---- | C] () -- C:\Users\Sophie\Desktop\Revo Uninstaller.lnk

[2012.03.20 19:56:53 | 000,080,908 | ---- | C] () -- C:\Users\Sophie\Desktop\eset 2.JPG

[2012.03.20 19:56:21 | 000,144,569 | ---- | C] () -- C:\Users\Sophie\Desktop\eset dingens.JPG

[2012.03.20 19:52:07 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.20 19:47:06 | 000,000,000 | ---- | C] () -- C:\Users\Sophie\defogger_reenable

[2012.03.20 19:25:21 | 000,001,091 | ---- | C] () -- C:\Users\Sophie\Desktop\OTL - Verknüpfung.lnk

[2012.03.08 22:10:44 | 000,400,954 | ---- | C] () -- C:\Users\Sophie\Desktop\EK A1 Abi 2011.pdf

[2012.03.08 21:02:36 | 000,103,227 | ---- | C] () -- C:\Users\Sophie\Desktop\Deutsch abi 2011 !!.pdf

[2012.03.08 20:57:34 | 001,227,867 | ---- | C] () -- C:\Users\Sophie\Desktop\Abitur Zusammenfassung Erdkunde markiert.pdf

[2012.03.08 20:56:55 | 000,514,296 | ---- | C] () -- C:\Users\Sophie\Desktop\Geo abi zusammenfassung.pdf

[2011.04.28 17:21:30 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLGFILE14N.INI

[2011.01.10 19:28:32 | 000,000,158 | ---- | C] () -- C:\Windows\WLP.ini

[2011.01.09 18:18:50 | 000,000,369 | ---- | C] () -- C:\Program Files\response.ini

[2011.01.09 18:18:50 | 000,000,050 | ---- | C] () -- C:\Program Files\install.bat

[2011.01.09 18:18:50 | 000,000,039 | ---- | C] () -- C:\Program Files\uninstall.bat

[2011.01.09 18:18:49 | 000,146,291 | ---- | C] () -- C:\Program Files\cu_readme.rtf

[2011.01.09 18:18:49 | 000,091,648 | ---- | C] () -- C:\Program Files\1031.mst

[2011.01.09 18:18:49 | 000,004,667 | ---- | C] () -- C:\Program Files\0x0407.ini

[2011.01.09 18:18:21 | 000,001,390 | ---- | C] () -- C:\Program Files\Setup.ini

[2011.01.09 18:18:17 | 001,043,550 | ---- | C] () -- C:\Program Files\setup.exe

[2011.01.09 18:17:17 | 003,198,026 | ---- | C] () -- C:\Program Files\fonts.cab

[2011.01.09 18:17:06 | 008,873,215 | ---- | C] () -- C:\Program Files\drv9x.cab

[2011.01.09 18:17:05 | 000,750,805 | ---- | C] () -- C:\Program Files\all98.cab

[2011.01.09 18:17:02 | 021,863,770 | ---- | C] () -- C:\Program Files\TOOLBO~1.cab

[2011.01.09 18:16:56 | 010,990,268 | ---- | C] () -- C:\Program Files\hp LaserJet 1010 Series.msi

[2011.01.09 17:59:48 | 000,006,649 | ---- | C] () -- C:\Windows\hplj1010.ini

[2011.01.09 03:05:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.01.09 02:31:04 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin

[2011.01.09 02:30:08 | 019,657,194 | ---- | C] () -- C:\Program Files\vlc-1.1.4-win32.exe

[2010.05.14 23:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll

[2010.05.14 23:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe

[2010.05.14 23:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll

[2010.05.14 23:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2010.05.07 19:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

[2010.05.07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

 
 ========== LOP Check ==========

 

[2012.03.24 13:04:53 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\ICQ

[2011.01.29 13:34:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Leadertech

[2011.01.31 19:59:10 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Local

[2011.01.09 23:56:28 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\OpenOffice.org

[2011.02.07 18:31:21 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\PhotoScape

[2012.03.25 16:36:44 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\proDAD

[2011.01.09 02:55:05 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Thunderbird

[2011.12.09 19:17:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.01.09 03:09:05 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Adobe

[2011.12.27 01:56:14 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Apple Computer

[2011.03.16 17:48:24 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Avira

[2011.04.18 23:46:59 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\DivX

[2012.03.24 13:04:53 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\ICQ

[2011.01.09 02:26:08 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Identities

[2011.01.29 13:34:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Leadertech

[2011.01.31 19:59:10 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Local

[2011.01.09 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Macromedia

[2012.03.20 19:52:25 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Malwarebytes

[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Media Center Programs

[2012.01.02 15:03:59 | 000,000,000 | --SD | M] -- C:\Users\Sophie\AppData\Roaming\Microsoft

[2011.01.09 02:37:08 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Mozilla

[2011.01.09 23:56:28 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\OpenOffice.org

[2011.02.07 18:31:21 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\PhotoScape

[2012.03.25 16:36:44 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\proDAD

[2012.01.09 23:28:01 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Skype

[2012.01.09 17:06:03 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\skypePM

[2011.01.09 02:55:05 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Thunderbird

[2011.08.10 13:09:50 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\vlc

[2011.02.20 22:04:26 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.01.29 13:34:03 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Sophie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2011.03.11 12:55:12 | 000,776,648 | ---- | M] (proDAD GmbH) -- C:\uninstall.exe

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\drivers\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\System32\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\System32\scecli.dll

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\System32\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

 
 <           >
 

< End of report >

--- --- ---
[/code]

wahh wie kann man hier einen Beitrag wieder löschen wenn man ausversehen 2 gemacht hat ?! bei editieren steht zwar löschen dabei aber ich kann ihn nicht löschen, nur ändern... O.o

Was meinst du? :balla:

DivX wurde auch noch nicht deinstaliert!

Doch, ich habe den divx player auf jeden Fall deinstalliert ! Hat am Anfang auch nicht funktioniert, dann hab ichs gegoogelt und andere Leute hättet ähnliche Probleme. Dann habe ich es aber doch noch löschen können mit einem deinstallations Programm das in einem anderen Forum empfohlen wurde... Keine Ahnung warum das in dem otl log dingens noch drin seht aber laut meinem pc ist divx weg ! :(

Okay wow ich nehme alles zurück... O.o Also ich dachte, ich hätte den DivX player deinstalliert. Er wird im deinstallations-programm "Revo-Uninstaller" nicht mehr angezeigt nachdem ich ihn (eigentlich) deinstalliert habe.. (mit der gründlichsten Einstellung die es da gab...) auch in der Liste von den Programmen in der Systemsteuerung nicht mehr ! Aber wenn man über C:, Programme reingeht sind alle Dateien noch da ! Wahh so ein blödes..... was mach ich denn da wenn sich der nicht löschen lässt ?

So, jetzt sollte DivX aber wirklich weg sein, ich hab alle Ordner und Dateien die was damit zu tun haben mit dem CCleaner gelöscht ... Soll ich dann nochmal so einen Otl Log machen ?

Ja neues OTL-Log bitte

So, jetzt aber :)

OTL Logfile:

Code:

OTL logfile created on: 27.03.2012 12:54:12 - Run 4

OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Sophie\Downloads

 Professional  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,45% Memory free

6,00 Gb Paging File | 4,78 Gb Available in Paging File | 79,68% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455,48 Gb Total Space | 155,01 Gb Free Space | 34,03% Space Free | Partition Type: NTFS

Drive R: | 10,28 Gb Total Space | 5,32 Gb Free Space | 51,70% Space Free | Partition Type: NTFS

 

Computer Name: SOPHIE-PC | User Name: Sophie | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Sophie\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\Logitech\Vid\Vid.exe (Logitech Inc.)

PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Programme\Common Files\LogiShrd\SharedBin\LvApi11.dll ()

MOD - C:\Programme\Logitech\Vid\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Programme\Logitech\Vid\plugins\imageformats\qico4.dll ()

MOD - C:\Programme\Logitech\Vid\plugins\imageformats\qgif4.dll ()

MOD - C:\Programme\Logitech\Vid\SDL.dll ()

MOD - C:\Programme\Logitech\Vid\qtxml4.dll ()

MOD - C:\Programme\Logitech\Vid\QtWebKit4.dll ()

MOD - C:\Programme\Logitech\Vid\qtsql4.dll ()

MOD - C:\Programme\Logitech\Vid\QtOpenGL4.dll ()

MOD - C:\Programme\Logitech\Vid\QtNetwork4.dll ()

MOD - C:\Programme\Logitech\Vid\QtGui4.dll ()

MOD - C:\Programme\Logitech\Vid\QtCore4.dll ()

MOD - C:\Programme\Logitech\Vid\phonon4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QtNetwork4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()

MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (sppuinotify) -- %SystemRoot%\system32\sppuinotify.dll File not found

SRV - (sppsvc) -- C:\Windows\system32\sppsvc.exe File not found

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (LVPrcSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)

DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)

DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 7C 44 66 7E 18 CC 01  [binary data]

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3419469167-732743675-4181630984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "google.de"

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: searchpredict@speedbit.com:1.0.1.0

FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.08 20:17:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.24 16:10:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.25 23:55:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.01.24 16:10:48 | 000,000,000 | ---D | M]

 

[2011.01.09 02:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sophie\AppData\Roaming\mozilla\Extensions

[2011.01.09 02:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sophie\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.03.25 17:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sophie\AppData\Roaming\mozilla\Firefox\Profiles\jppsct5r.default\extensions

[2012.01.17 22:47:43 | 000,000,933 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\11-suche.xml

[2012.01.17 22:47:43 | 000,002,419 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\englische-ergebnisse.xml

[2012.01.17 22:47:43 | 000,010,525 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\gmx-suche.xml

[2012.01.17 22:47:43 | 000,002,457 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\lastminute.xml

[2012.01.17 22:47:43 | 000,005,508 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\webde-suche.xml

[2011.11.30 16:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.01.09 03:02:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

() (No name found) -- C:\USERS\SOPHIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JPPSCT5R.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI

[2012.03.08 20:17:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.03.06 14:48:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.06 14:48:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.06 14:48:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.06 14:48:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.06 14:48:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.06 14:48:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sophie\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Sophie\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sophie\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll

CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Angry Birds = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: DivX HiQ = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_1\

CHR - Extension: Picnik = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\

CHR - Extension: Google \u00DCbersetzer f\u00FCr Google+ = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfppgkomfopklagggkjiaddgndkgopgl\1.1_0\

CHR - Extension: Grass = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found

O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKU\S-1-5-21-3419469167-732743675-4181630984-1000..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)

O4 - HKU\S-1-5-21-3419469167-732743675-4181630984-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-3419469167-732743675-4181630984-1000..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AF95520-EFC7-4C7C-8472-F7EBDB31ECF7}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\Shell - "" = AutoRun

O33 - MountPoints2\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\Shell\AutoRun\command - "" = J:\pushinst.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.26 13:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.03.26 13:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.03.25 16:36:14 | 000,776,648 | ---- | C] (proDAD GmbH) -- C:\uninstall.exe

[2012.03.24 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012.03.24 14:33:37 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2012.03.20 19:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.03.20 19:52:25 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Malwarebytes

[2012.03.20 19:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.03.20 19:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.03.20 19:52:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.03.20 19:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.03.20 19:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.03.20 19:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2012.03.13 12:43:16 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{AC393709-CDD4-4D67-B5B6-328CB74B7B13}

[2012.03.13 12:31:12 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\FB

[2012.03.11 17:11:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\Party in Wernau

[2011.01.09 18:18:20 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe

[2011.01.09 18:18:18 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

[2011.01.09 18:18:17 | 001,150,976 | ---- | C] (Hewlet-Packard) -- C:\Program Files\hpbtpg.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.27 12:51:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.27 12:51:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.27 12:40:43 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.03.27 12:40:43 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.03.27 12:40:43 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.03.27 12:40:43 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.03.27 12:35:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.27 12:35:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs

[2012.03.27 12:35:04 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.26 13:28:40 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.03.25 17:02:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3419469167-732743675-4181630984-1000UA.job

[2012.03.24 14:33:38 | 000,001,224 | ---- | M] () -- C:\Users\Sophie\Desktop\Revo Uninstaller.lnk

[2012.03.24 14:08:12 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3419469167-732743675-4181630984-1000Core.job

[2012.03.24 13:06:03 | 000,002,407 | ---- | M] () -- C:\Users\Sophie\Desktop\Google Chrome.lnk

[2012.03.20 19:56:53 | 000,080,908 | ---- | M] () -- C:\Users\Sophie\Desktop\eset 2.JPG

[2012.03.20 19:56:21 | 000,144,569 | ---- | M] () -- C:\Users\Sophie\Desktop\eset dingens.JPG

[2012.03.20 19:52:07 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.20 19:47:06 | 000,000,000 | ---- | M] () -- C:\Users\Sophie\defogger_reenable

[2012.03.20 19:25:21 | 000,001,091 | ---- | M] () -- C:\Users\Sophie\Desktop\OTL - Verknüpfung.lnk

[2012.03.08 22:10:44 | 000,400,954 | ---- | M] () -- C:\Users\Sophie\Desktop\EK A1 Abi 2011.pdf

[2012.03.08 21:02:37 | 000,103,227 | ---- | M] () -- C:\Users\Sophie\Desktop\Deutsch abi 2011 !!.pdf

[2012.03.08 20:56:55 | 000,514,296 | ---- | M] () -- C:\Users\Sophie\Desktop\Geo abi zusammenfassung.pdf

[2012.03.02 21:40:44 | 000,019,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.02 21:40:44 | 000,019,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

 
 ========== Files Created - No Company Name ==========

 

[2012.03.26 13:28:40 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.03.24 14:33:38 | 000,001,224 | ---- | C] () -- C:\Users\Sophie\Desktop\Revo Uninstaller.lnk

[2012.03.20 19:56:53 | 000,080,908 | ---- | C] () -- C:\Users\Sophie\Desktop\eset 2.JPG

[2012.03.20 19:56:21 | 000,144,569 | ---- | C] () -- C:\Users\Sophie\Desktop\eset dingens.JPG

[2012.03.20 19:52:07 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.20 19:47:06 | 000,000,000 | ---- | C] () -- C:\Users\Sophie\defogger_reenable

[2012.03.20 19:25:21 | 000,001,091 | ---- | C] () -- C:\Users\Sophie\Desktop\OTL - Verknüpfung.lnk

[2012.03.08 22:10:44 | 000,400,954 | ---- | C] () -- C:\Users\Sophie\Desktop\EK A1 Abi 2011.pdf

[2012.03.08 21:02:36 | 000,103,227 | ---- | C] () -- C:\Users\Sophie\Desktop\Deutsch abi 2011 !!.pdf

[2012.03.08 20:57:34 | 001,227,867 | ---- | C] () -- C:\Users\Sophie\Desktop\Abitur Zusammenfassung Erdkunde markiert.pdf

[2012.03.08 20:56:55 | 000,514,296 | ---- | C] () -- C:\Users\Sophie\Desktop\Geo abi zusammenfassung.pdf

[2011.04.28 17:21:30 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLGFILE14N.INI

[2011.01.10 19:28:32 | 000,000,158 | ---- | C] () -- C:\Windows\WLP.ini

[2011.01.09 18:18:50 | 000,000,369 | ---- | C] () -- C:\Program Files\response.ini

[2011.01.09 18:18:50 | 000,000,050 | ---- | C] () -- C:\Program Files\install.bat

[2011.01.09 18:18:50 | 000,000,039 | ---- | C] () -- C:\Program Files\uninstall.bat

[2011.01.09 18:18:49 | 000,146,291 | ---- | C] () -- C:\Program Files\cu_readme.rtf

[2011.01.09 18:18:49 | 000,091,648 | ---- | C] () -- C:\Program Files\1031.mst

[2011.01.09 18:18:49 | 000,004,667 | ---- | C] () -- C:\Program Files\0x0407.ini

[2011.01.09 18:18:21 | 000,001,390 | ---- | C] () -- C:\Program Files\Setup.ini

[2011.01.09 18:18:17 | 001,043,550 | ---- | C] () -- C:\Program Files\setup.exe

[2011.01.09 18:17:17 | 003,198,026 | ---- | C] () -- C:\Program Files\fonts.cab

[2011.01.09 18:17:06 | 008,873,215 | ---- | C] () -- C:\Program Files\drv9x.cab

[2011.01.09 18:17:05 | 000,750,805 | ---- | C] () -- C:\Program Files\all98.cab

[2011.01.09 18:17:02 | 021,863,770 | ---- | C] () -- C:\Program Files\TOOLBO~1.cab

[2011.01.09 18:16:56 | 010,990,268 | ---- | C] () -- C:\Program Files\hp LaserJet 1010 Series.msi

[2011.01.09 17:59:48 | 000,006,649 | ---- | C] () -- C:\Windows\hplj1010.ini

[2011.01.09 03:05:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.01.09 02:31:04 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin

[2011.01.09 02:30:08 | 019,657,194 | ---- | C] () -- C:\Program Files\vlc-1.1.4-win32.exe

[2010.05.14 23:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll

[2010.05.14 23:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe

[2010.05.14 23:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll

[2010.05.14 23:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2010.05.07 19:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

[2010.05.07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

 
 ========== LOP Check ==========

 

[2012.03.27 12:51:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\ICQ

[2011.01.29 13:34:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Leadertech

[2011.01.31 19:59:10 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Local

[2011.01.09 23:56:28 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\OpenOffice.org

[2011.02.07 18:31:21 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\PhotoScape

[2012.03.25 16:36:44 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\proDAD

[2011.01.09 02:55:05 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Thunderbird

[2011.12.09 19:17:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.01.09 03:09:05 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Adobe

[2011.12.27 01:56:14 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Apple Computer

[2011.03.16 17:48:24 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Avira

[2011.04.18 23:46:59 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\DivX

[2012.03.27 12:51:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\ICQ

[2011.01.09 02:26:08 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Identities

[2011.01.29 13:34:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Leadertech

[2011.01.31 19:59:10 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Local

[2011.01.09 14:12:48 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Macromedia

[2012.03.20 19:52:25 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Malwarebytes

[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Media Center Programs

[2012.01.02 15:03:59 | 000,000,000 | --SD | M] -- C:\Users\Sophie\AppData\Roaming\Microsoft

[2011.01.09 02:37:08 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Mozilla

[2011.01.09 23:56:28 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\OpenOffice.org

[2011.02.07 18:31:21 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\PhotoScape

[2012.03.25 16:36:44 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\proDAD

[2012.01.09 23:28:01 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Skype

[2012.01.09 17:06:03 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\skypePM

[2011.01.09 02:55:05 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Thunderbird

[2011.08.10 13:09:50 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\vlc

[2011.02.20 22:04:26 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.01.29 13:34:03 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Sophie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2011.03.11 12:55:12 | 000,776,648 | ---- | M] (proDAD GmbH) -- C:\uninstall.exe

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\drivers\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\System32\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\System32\scecli.dll

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\System32\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

 
 <           >
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found

[2012.01.17 22:47:43 | 000,000,933 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\11-suche.xml

[2012.01.17 22:47:43 | 000,002,419 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\englische-ergebnisse.xml

[2012.01.17 22:47:43 | 000,010,525 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\gmx-suche.xml

[2012.01.17 22:47:43 | 000,002,457 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\lastminute.xml

[2012.01.17 22:47:43 | 000,005,508 | ---- | M] () -- C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\webde-suche.xml

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found

O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found

O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\Shell - "" = AutoRun

O33 - MountPoints2\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\Shell\AutoRun\command - "" = J:\pushinst.exe

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Okay, hab ich gemacht :)

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0\ deleted successfully.

C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\11-suche.xml moved successfully.

C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\englische-ergebnisse.xml moved successfully.

C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\gmx-suche.xml moved successfully.

C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\lastminute.xml moved successfully.

C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\searchplugins\webde-suche.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivX Download Manager deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b35bf3e-1b86-11e0-9eab-002215153c9f}\ not found.

File J:\pushinst.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Sophie

->Temp folder emptied: 1857741 bytes

->Temporary Internet Files folder emptied: 3267693 bytes

->Java cache emptied: 1832863 bytes

->FireFox cache emptied: 67042170 bytes

->Google Chrome cache emptied: 71582758 bytes

->Flash cache emptied: 34415 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3272 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 139,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.1 log created on 03272012_234020
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

wozu eigentlich ? Bzw. was bedeutet dieses "fixen" ?
lg :)

Zitat:

wozu eigentlich ? Bzw. was bedeutet dieses "fixen" ?

Rate mal was man machen muss um Schädlinge zu entfernen?
Außerdme darfst du zwecks Übersetzzung auch ruhig mal sowas wie pons oder LEO verwenden, das TB ist kein Dictionary :rolleyes:

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Tut mir leid dass ich gefragt habe, aber ich dachte wenn man hier etwas nicht versteht darf man auch nachfragen :) Mir ist schon klar was to fix übersetzt heißt nur verstehe ich nichts von Viren u.ä. und ich weiß auch nicht was fixen in dem Zusammenhang genau bedeuten soll. Ist ja auch egal, solange dieser Schädling am Ende weg ist :P

So, ich hab das mit diesem TDSS-Killer gemacht :

Code:

 

12:54:54.0975 3904        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

12:54:54.0999 3904        ============================================================

12:54:54.0999 3904        Current date / time: 2012/03/29 12:54:54.0999

12:54:54.0999 3904        SystemInfo:

12:54:54.0999 3904        

12:54:54.0999 3904        OS Version: 6.1.7600 ServicePack: 0.0

12:54:54.0999 3904        Product type: Workstation

12:54:54.0999 3904        ComputerName: SOPHIE-PC

12:54:54.0999 3904        UserName: Sophie

12:54:54.0999 3904        Windows directory: C:\Windows

12:54:54.0999 3904        System windows directory: C:\Windows

12:54:54.0999 3904        Processor architecture: Intel x86

12:54:54.0999 3904        Number of processors: 2

12:54:54.0999 3904        Page size: 0x1000

12:54:54.0999 3904        Boot type: Normal boot

12:54:54.0999 3904        ============================================================

12:54:56.0405 3904        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

12:54:56.0417 3904        \Device\Harddisk0\DR0:

12:54:56.0417 3904        MBR used

12:54:56.0417 3904        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38EF4800

12:54:56.0417 3904        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x38EF5483, BlocksNum 0x148F7BE

12:54:56.0552 3904        Initialize success

12:54:56.0552 3904        ============================================================

12:56:20.0945 3476        ============================================================

12:56:20.0945 3476        Scan started

12:56:20.0945 3476        Mode: Manual; SigCheck; TDLFS; 

12:56:20.0945 3476        ============================================================

12:56:21.0651 3476        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

12:56:21.0720 3476        1394ohci - ok

12:56:21.0772 3476        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

12:56:21.0786 3476        ACPI - ok

12:56:21.0842 3476        AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

12:56:21.0872 3476        AcpiPmi - ok

12:56:22.0093 3476        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

12:56:22.0102 3476        AdobeARMservice - ok

12:56:22.0235 3476        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

12:56:22.0252 3476        adp94xx - ok

12:56:22.0287 3476        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

12:56:22.0301 3476        adpahci - ok

12:56:22.0329 3476        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

12:56:22.0339 3476        adpu320 - ok

12:56:22.0401 3476        AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

12:56:22.0483 3476        AeLookupSvc - ok

12:56:22.0583 3476        AFD             (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

12:56:22.0649 3476        AFD - ok

12:56:22.0691 3476        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

12:56:22.0701 3476        agp440 - ok

12:56:22.0753 3476        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

12:56:22.0764 3476        aic78xx - ok

12:56:22.0829 3476        ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

12:56:22.0899 3476        ALG - ok

12:56:22.0957 3476        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

12:56:22.0965 3476        aliide - ok

12:56:22.0997 3476        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

12:56:23.0006 3476        amdagp - ok

12:56:23.0023 3476        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

12:56:23.0032 3476        amdide - ok

12:56:23.0105 3476        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

12:56:23.0139 3476        AmdK8 - ok

12:56:23.0178 3476        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

12:56:23.0204 3476        AmdPPM - ok

12:56:23.0241 3476        amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

12:56:23.0250 3476        amdsata - ok

12:56:23.0290 3476        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

12:56:23.0300 3476        amdsbs - ok

12:56:23.0323 3476        amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

12:56:23.0332 3476        amdxata - ok

12:56:23.0457 3476        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe

12:56:23.0477 3476        AntiVirSchedulerService - ok

12:56:23.0537 3476        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

12:56:23.0545 3476        AntiVirService - ok

12:56:23.0577 3476        AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

12:56:23.0640 3476        AppID - ok

12:56:23.0735 3476        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

12:56:23.0812 3476        AppIDSvc - ok

12:56:23.0839 3476        Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll

12:56:23.0880 3476        Appinfo - ok

12:56:24.0032 3476        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

12:56:24.0040 3476        Apple Mobile Device - ok

12:56:24.0116 3476        AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll

12:56:24.0143 3476        AppMgmt - ok

12:56:24.0252 3476        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

12:56:24.0261 3476        arc - ok

12:56:24.0291 3476        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

12:56:24.0302 3476        arcsas - ok

12:56:24.0337 3476        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

12:56:24.0392 3476        AsyncMac - ok

12:56:24.0429 3476        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

12:56:24.0438 3476        atapi - ok

12:56:24.0520 3476        AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

12:56:24.0583 3476        AudioEndpointBuilder - ok

12:56:24.0621 3476        Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

12:56:24.0650 3476        Audiosrv - ok

12:56:24.0714 3476        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys

12:56:24.0741 3476        avgntflt - ok

12:56:24.0780 3476        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys

12:56:24.0796 3476        avipbb - ok

12:56:24.0906 3476        AVM WLAN Connection Service (d1a9ae485fff7c72ca50d8949b2210b9) C:\Program Files\avmwlanstick\WlanNetService.exe

12:56:24.0941 3476        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning

12:56:24.0941 3476        AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)

12:56:24.0999 3476        avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys

12:56:25.0023 3476        avmeject ( UnsignedFile.Multi.Generic ) - warning

12:56:25.0023 3476        avmeject - detected UnsignedFile.Multi.Generic (1)

12:56:25.0112 3476        AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll

12:56:25.0164 3476        AxInstSV - ok

12:56:25.0258 3476        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

12:56:25.0305 3476        b06bdrv - ok

12:56:25.0381 3476        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

12:56:25.0395 3476        b57nd60x - ok

12:56:25.0511 3476        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

12:56:25.0534 3476        BDESVC - ok

12:56:25.0566 3476        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

12:56:25.0614 3476        Beep - ok

12:56:25.0713 3476        BFE             (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll

12:56:25.0842 3476        BFE - ok

12:56:25.0904 3476        BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll

12:56:25.0980 3476        BITS - ok

12:56:26.0071 3476        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

12:56:26.0083 3476        blbdrive - ok

12:56:26.0243 3476        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

12:56:26.0255 3476        Bonjour Service - ok

12:56:26.0285 3476        bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

12:56:26.0327 3476        bowser - ok

12:56:26.0367 3476        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

12:56:26.0425 3476        BrFiltLo - ok

12:56:26.0452 3476        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

12:56:26.0482 3476        BrFiltUp - ok

12:56:26.0538 3476        Browser         (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll

12:56:26.0563 3476        Browser - ok

12:56:26.0603 3476        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

12:56:26.0645 3476        Brserid - ok

12:56:26.0691 3476        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

12:56:26.0722 3476        BrSerWdm - ok

12:56:26.0755 3476        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

12:56:26.0787 3476        BrUsbMdm - ok

12:56:26.0814 3476        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

12:56:26.0837 3476        BrUsbSer - ok

12:56:26.0867 3476        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

12:56:26.0890 3476        BTHMODEM - ok

12:56:26.0981 3476        bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

12:56:27.0007 3476        bthserv - ok

12:56:27.0054 3476        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

12:56:27.0103 3476        cdfs - ok

12:56:27.0170 3476        cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

12:56:27.0204 3476        cdrom - ok

12:56:27.0294 3476        CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

12:56:27.0347 3476        CertPropSvc - ok

12:56:27.0377 3476        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

12:56:27.0391 3476        circlass - ok

12:56:27.0437 3476        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

12:56:27.0456 3476        CLFS - ok

12:56:27.0571 3476        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:56:27.0581 3476        clr_optimization_v2.0.50727_32 - ok

12:56:27.0712 3476        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:56:27.0721 3476        clr_optimization_v4.0.30319_32 - ok

12:56:27.0821 3476        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

12:56:27.0833 3476        CmBatt - ok

12:56:27.0875 3476        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

12:56:27.0884 3476        cmdide - ok

12:56:27.0923 3476        CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

12:56:27.0954 3476        CNG - ok

12:56:27.0971 3476        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

12:56:27.0981 3476        Compbatt - ok

12:56:28.0016 3476        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

12:56:28.0029 3476        CompositeBus - ok

12:56:28.0051 3476        COMSysApp - ok

12:56:28.0070 3476        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

12:56:28.0079 3476        crcdisk - ok

12:56:28.0150 3476        CryptSvc        (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll

12:56:28.0205 3476        CryptSvc - ok

12:56:28.0267 3476        CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

12:56:28.0313 3476        CSC - ok

12:56:28.0370 3476        CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll

12:56:28.0409 3476        CscService - ok

12:56:28.0490 3476        DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

12:56:28.0550 3476        DcomLaunch - ok

12:56:28.0613 3476        defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

12:56:28.0666 3476        defragsvc - ok

12:56:28.0812 3476        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

12:56:28.0836 3476        DfsC - ok

12:56:28.0908 3476        Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll

12:56:28.0924 3476        Dhcp - ok

12:56:28.0994 3476        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

12:56:29.0041 3476        discache - ok

12:56:29.0095 3476        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

12:56:29.0104 3476        Disk - ok

12:56:29.0166 3476        Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll

12:56:29.0222 3476        Dnscache - ok

12:56:29.0283 3476        dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll

12:56:29.0336 3476        dot3svc - ok

12:56:29.0418 3476        dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

12:56:29.0433 3476        dot4 - ok

12:56:29.0465 3476        Dot4Print       (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys

12:56:29.0498 3476        Dot4Print - ok

12:56:29.0542 3476        dot4usb         (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys

12:56:29.0576 3476        dot4usb - ok

12:56:29.0615 3476        DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll

12:56:29.0665 3476        DPS - ok

12:56:29.0741 3476        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

12:56:29.0765 3476        drmkaud - ok

12:56:29.0837 3476        DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

12:56:29.0875 3476        DXGKrnl - ok

12:56:29.0893 3476        EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

12:56:29.0918 3476        EapHost - ok

12:56:30.0039 3476        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

12:56:30.0144 3476        ebdrv - ok

12:56:30.0200 3476        EFS             (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe

12:56:30.0225 3476        EFS - ok

12:56:30.0318 3476        ehRecvr         (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe

12:56:30.0386 3476        ehRecvr - ok

12:56:30.0434 3476        ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

12:56:30.0471 3476        ehSched - ok

12:56:30.0590 3476        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

12:56:30.0609 3476        elxstor - ok

12:56:30.0650 3476        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

12:56:30.0676 3476        ErrDev - ok

12:56:30.0776 3476        EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

12:56:30.0805 3476        EventSystem - ok

12:56:30.0847 3476        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

12:56:30.0873 3476        exfat - ok

12:56:30.0902 3476        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

12:56:30.0962 3476        fastfat - ok

12:56:31.0027 3476        Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe

12:56:31.0098 3476        Fax - ok

12:56:31.0125 3476        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

12:56:31.0165 3476        fdc - ok

12:56:31.0208 3476        fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

12:56:31.0257 3476        fdPHost - ok

12:56:31.0303 3476        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

12:56:31.0330 3476        FDResPub - ok

12:56:31.0356 3476        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

12:56:31.0367 3476        FileInfo - ok

12:56:31.0395 3476        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

12:56:31.0421 3476        Filetrace - ok

12:56:31.0446 3476        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

12:56:31.0487 3476        flpydisk - ok

12:56:31.0537 3476        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

12:56:31.0550 3476        FltMgr - ok

12:56:31.0624 3476        FontCache       (151258fc2ec8c48bdf8a53350ae0a676) C:\Windows\system32\FntCache.dll

12:56:31.0715 3476        FontCache - ok

12:56:31.0854 3476        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

12:56:31.0862 3476        FontCache3.0.0.0 - ok

12:56:31.0967 3476        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

12:56:31.0977 3476        FsDepends - ok

12:56:32.0037 3476        fssfltr         (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

12:56:32.0043 3476        fssfltr - ok

12:56:32.0224 3476        fsssvc          (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe

12:56:32.0277 3476        fsssvc - ok

12:56:32.0317 3476        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

12:56:32.0326 3476        Fs_Rec - ok

12:56:32.0402 3476        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

12:56:32.0418 3476        fvevol - ok

12:56:32.0499 3476        fwlanusbn       (161f20685595eddc06c0ea1f1d7bc92b) C:\Windows\system32\DRIVERS\fwlanusbn.sys

12:56:32.0540 3476        fwlanusbn - ok

12:56:32.0583 3476        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

12:56:32.0593 3476        gagp30kx - ok

12:56:32.0643 3476        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:56:32.0651 3476        GEARAspiWDM - ok

12:56:32.0714 3476        gpsvc           (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll

12:56:32.0754 3476        gpsvc - ok

12:56:32.0909 3476        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

12:56:32.0917 3476        gupdate - ok

12:56:32.0931 3476        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

12:56:32.0938 3476        gupdatem - ok

12:56:32.0993 3476        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

12:56:33.0058 3476        hcw85cir - ok

12:56:33.0128 3476        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

12:56:33.0175 3476        HdAudAddService - ok

12:56:33.0231 3476        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

12:56:33.0272 3476        HDAudBus - ok

12:56:33.0313 3476        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

12:56:33.0349 3476        HidBatt - ok

12:56:33.0385 3476        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

12:56:33.0417 3476        HidBth - ok

12:56:33.0485 3476        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

12:56:33.0498 3476        HidIr - ok

12:56:33.0548 3476        hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll

12:56:33.0583 3476        hidserv - ok

12:56:33.0636 3476        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

12:56:33.0673 3476        HidUsb - ok

12:56:33.0733 3476        hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll

12:56:33.0759 3476        hkmsvc - ok

12:56:33.0791 3476        HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll

12:56:33.0845 3476        HomeGroupListener - ok

12:56:33.0901 3476        HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll

12:56:33.0948 3476        HomeGroupProvider - ok

12:56:34.0098 3476        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

12:56:34.0108 3476        HpSAMD - ok

12:56:34.0154 3476        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

12:56:34.0219 3476        HTTP - ok

12:56:34.0266 3476        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

12:56:34.0276 3476        hwpolicy - ok

12:56:34.0318 3476        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

12:56:34.0350 3476        i8042prt - ok

12:56:34.0416 3476        iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

12:56:34.0433 3476        iaStorV - ok

12:56:34.0567 3476        idsvc           (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

12:56:34.0604 3476        idsvc - ok

12:56:34.0643 3476        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

12:56:34.0653 3476        iirsp - ok

12:56:34.0724 3476        IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll

12:56:34.0796 3476        IKEEXT - ok

12:56:34.0847 3476        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

12:56:34.0856 3476        intelide - ok

12:56:34.0938 3476        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

12:56:34.0951 3476        intelppm - ok

12:56:34.0981 3476        IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

12:56:35.0029 3476        IPBusEnum - ok

12:56:35.0073 3476        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:56:35.0098 3476        IpFilterDriver - ok

12:56:35.0134 3476        iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll

12:56:35.0169 3476        iphlpsvc - ok

12:56:35.0200 3476        IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

12:56:35.0216 3476        IPMIDRV - ok

12:56:35.0244 3476        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

12:56:35.0293 3476        IPNAT - ok

12:56:35.0431 3476        iPod Service    (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe

12:56:35.0464 3476        iPod Service - ok

12:56:35.0502 3476        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

12:56:35.0517 3476        IRENUM - ok

12:56:35.0543 3476        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

12:56:35.0555 3476        isapnp - ok

12:56:35.0583 3476        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

12:56:35.0595 3476        iScsiPrt - ok

12:56:35.0643 3476        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

12:56:35.0653 3476        kbdclass - ok

12:56:35.0691 3476        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

12:56:35.0727 3476        kbdhid - ok

12:56:35.0791 3476        KeyIso          (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

12:56:35.0804 3476        KeyIso - ok

12:56:35.0832 3476        KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

12:56:35.0842 3476        KSecDD - ok

12:56:35.0903 3476        KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

12:56:35.0915 3476        KSecPkg - ok

12:56:35.0946 3476        KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

12:56:36.0002 3476        KtmRm - ok

12:56:36.0083 3476        LanmanServer    (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll

12:56:36.0113 3476        LanmanServer - ok

12:56:36.0187 3476        LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll

12:56:36.0218 3476        LanmanWorkstation - ok

12:56:36.0339 3476        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

12:56:36.0391 3476        lltdio - ok

12:56:36.0449 3476        lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

12:56:36.0483 3476        lltdsvc - ok

12:56:36.0507 3476        lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

12:56:36.0543 3476        lmhosts - ok

12:56:36.0588 3476        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

12:56:36.0599 3476        LSI_FC - ok

12:56:36.0627 3476        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

12:56:36.0637 3476        LSI_SAS - ok

12:56:36.0666 3476        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

12:56:36.0675 3476        LSI_SAS2 - ok

12:56:36.0708 3476        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

12:56:36.0719 3476        LSI_SCSI - ok

12:56:36.0747 3476        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

12:56:36.0781 3476        luafv - ok

12:56:36.0857 3476        LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys

12:56:36.0872 3476        LVPr2Mon - ok

12:56:37.0026 3476        LVPrcSrv        (2333057542c91ae8228bdccc2e5f2632) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

12:56:37.0034 3476        LVPrcSrv - ok

12:56:37.0102 3476        LVRS            (e52f5a2cadcf08d07f559962f807a0a2) C:\Windows\system32\DRIVERS\lvrs.sys

12:56:37.0125 3476        LVRS - ok

12:56:37.0304 3476        LVUVC           (c3d02260beb2b48dea1efdfca91e4b69) C:\Windows\system32\DRIVERS\lvuvc.sys

12:56:37.0512 3476        LVUVC - ok

12:56:37.0580 3476        Mcx2Svc         (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll

12:56:37.0592 3476        Mcx2Svc - ok

12:56:37.0660 3476        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

12:56:37.0669 3476        megasas - ok

12:56:37.0714 3476        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

12:56:37.0727 3476        MegaSR - ok

12:56:37.0784 3476        MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

12:56:37.0810 3476        MMCSS - ok

12:56:37.0854 3476        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

12:56:37.0892 3476        Modem - ok

12:56:37.0936 3476        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

12:56:37.0975 3476        monitor - ok

12:56:38.0029 3476        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

12:56:38.0039 3476        mouclass - ok

12:56:38.0075 3476        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

12:56:38.0112 3476        mouhid - ok

12:56:38.0159 3476        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

12:56:38.0169 3476        mountmgr - ok

12:56:38.0206 3476        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

12:56:38.0221 3476        mpio - ok

12:56:38.0240 3476        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

12:56:38.0293 3476        mpsdrv - ok

12:56:38.0361 3476        MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll

12:56:38.0398 3476        MpsSvc - ok

12:56:38.0423 3476        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

12:56:38.0439 3476        MRxDAV - ok

12:56:38.0518 3476        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:56:38.0531 3476        mrxsmb - ok

12:56:38.0558 3476        mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:56:38.0598 3476        mrxsmb10 - ok

12:56:38.0643 3476        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:56:38.0656 3476        mrxsmb20 - ok

12:56:38.0680 3476        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

12:56:38.0690 3476        msahci - ok

12:56:38.0727 3476        msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

12:56:38.0737 3476        msdsm - ok

12:56:38.0792 3476        MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

12:56:38.0806 3476        MSDTC - ok

12:56:38.0855 3476        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

12:56:38.0881 3476        Msfs - ok

12:56:38.0905 3476        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

12:56:38.0957 3476        mshidkmdf - ok

12:56:39.0005 3476        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

12:56:39.0014 3476        msisadrv - ok

12:56:39.0090 3476        MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

12:56:39.0123 3476        MSiSCSI - ok

12:56:39.0131 3476        msiserver - ok

12:56:39.0189 3476        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

12:56:39.0237 3476        MSKSSRV - ok

12:56:39.0287 3476        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

12:56:39.0333 3476        MSPCLOCK - ok

12:56:39.0369 3476        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

12:56:39.0421 3476        MSPQM - ok

12:56:39.0469 3476        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

12:56:39.0482 3476        MsRPC - ok

12:56:39.0506 3476        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

12:56:39.0515 3476        mssmbios - ok

12:56:39.0563 3476        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

12:56:39.0586 3476        MSTEE - ok

12:56:39.0614 3476        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

12:56:39.0625 3476        MTConfig - ok

12:56:39.0663 3476        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

12:56:39.0672 3476        Mup - ok

12:56:39.0765 3476        napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll

12:56:39.0824 3476        napagent - ok

12:56:39.0875 3476        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

12:56:39.0919 3476        NativeWifiP - ok

12:56:39.0980 3476        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

12:56:40.0015 3476        NDIS - ok

12:56:40.0067 3476        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

12:56:40.0091 3476        NdisCap - ok

12:56:40.0145 3476        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

12:56:40.0170 3476        NdisTapi - ok

12:56:40.0208 3476        Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

12:56:40.0238 3476        Ndisuio - ok

12:56:40.0264 3476        NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

12:56:40.0291 3476        NdisWan - ok

12:56:40.0323 3476        NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

12:56:40.0348 3476        NDProxy - ok

12:56:40.0374 3476        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

12:56:40.0427 3476        NetBIOS - ok

12:56:40.0476 3476        NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

12:56:40.0525 3476        NetBT - ok

12:56:40.0574 3476        Netlogon        (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

12:56:40.0586 3476        Netlogon - ok

12:56:40.0628 3476        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

12:56:40.0686 3476        Netman - ok

12:56:40.0738 3476        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

12:56:40.0788 3476        netprofm - ok

12:56:40.0939 3476        NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:56:40.0950 3476        NetTcpPortSharing - ok

12:56:41.0062 3476        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

12:56:41.0072 3476        nfrd960 - ok

12:56:41.0106 3476        NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll

12:56:41.0135 3476        NlaSvc - ok

12:56:41.0173 3476        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

12:56:41.0200 3476        Npfs - ok

12:56:41.0258 3476        nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

12:56:41.0284 3476        nsi - ok

12:56:41.0305 3476        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

12:56:41.0357 3476        nsiproxy - ok

12:56:41.0434 3476        Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

12:56:41.0491 3476        Ntfs - ok

12:56:41.0513 3476        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

12:56:41.0539 3476        Null - ok

12:56:41.0799 3476        nvlddmkm        (b0881dda5a8160422561ffab7f0008b1) C:\Windows\system32\DRIVERS\nvlddmkm.sys

12:56:42.0077 3476        nvlddmkm - ok

12:56:42.0125 3476        nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

12:56:42.0136 3476        nvraid - ok

12:56:42.0165 3476        nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

12:56:42.0175 3476        nvstor - ok

12:56:42.0202 3476        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

12:56:42.0212 3476        nv_agp - ok

12:56:42.0243 3476        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

12:56:42.0279 3476        ohci1394 - ok

12:56:42.0434 3476        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:56:42.0444 3476        ose - ok

12:56:42.0611 3476        osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

12:56:42.0756 3476        osppsvc - ok

12:56:42.0901 3476        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

12:56:42.0933 3476        p2pimsvc - ok

12:56:42.0997 3476        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

12:56:43.0039 3476        p2psvc - ok

12:56:43.0178 3476        PAC207          (dca942c0a19a0ad2abcd9acf94eb4b10) C:\Windows\system32\DRIVERS\PFC027.SYS

12:56:43.0221 3476        PAC207 - ok

12:56:43.0279 3476        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

12:56:43.0315 3476        Parport - ok

12:56:43.0360 3476        partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

12:56:43.0370 3476        partmgr - ok

12:56:43.0394 3476        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

12:56:43.0427 3476        Parvdm - ok

12:56:43.0486 3476        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

12:56:43.0502 3476        PcaSvc - ok

12:56:43.0532 3476        pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

12:56:43.0542 3476        pci - ok

12:56:43.0577 3476        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

12:56:43.0585 3476        pciide - ok

12:56:43.0631 3476        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

12:56:43.0642 3476        pcmcia - ok

12:56:43.0680 3476        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

12:56:43.0689 3476        pcw - ok

12:56:43.0743 3476        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

12:56:43.0818 3476        PEAUTH - ok

12:56:43.0905 3476        PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll

12:56:44.0019 3476        PeerDistSvc - ok

12:56:44.0119 3476        pla             (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll

12:56:44.0204 3476        pla - ok

12:56:44.0264 3476        PlugPlay        (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll

12:56:44.0296 3476        PlugPlay - ok

12:56:44.0326 3476        PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

12:56:44.0351 3476        PNRPAutoReg - ok

12:56:44.0387 3476        PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

12:56:44.0402 3476        PNRPsvc - ok

12:56:44.0460 3476        PolicyAgent     (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll

12:56:44.0517 3476        PolicyAgent - ok

12:56:44.0581 3476        Power           (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll

12:56:44.0608 3476        Power - ok

12:56:44.0724 3476        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

12:56:44.0776 3476        PptpMiniport - ok

12:56:44.0834 3476        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

12:56:44.0869 3476        Processor - ok

12:56:44.0948 3476        ProfSvc         (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll

12:56:44.0980 3476        ProfSvc - ok

12:56:45.0044 3476        ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

12:56:45.0056 3476        ProtectedStorage - ok

12:56:45.0131 3476        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

12:56:45.0183 3476        Psched - ok

12:56:45.0254 3476        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

12:56:45.0308 3476        ql2300 - ok

12:56:45.0339 3476        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

12:56:45.0350 3476        ql40xx - ok

12:56:45.0415 3476        QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

12:56:45.0466 3476        QWAVE - ok

12:56:45.0510 3476        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

12:56:45.0551 3476        QWAVEdrv - ok

12:56:45.0604 3476        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

12:56:45.0653 3476        RasAcd - ok

12:56:45.0730 3476        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

12:56:45.0784 3476        RasAgileVpn - ok

12:56:45.0829 3476        RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

12:56:45.0857 3476        RasAuto - ok

12:56:45.0885 3476        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

12:56:45.0938 3476        Rasl2tp - ok

12:56:45.0994 3476        RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll

12:56:46.0026 3476        RasMan - ok

12:56:46.0090 3476        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

12:56:46.0138 3476        RasPppoe - ok

12:56:46.0191 3476        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

12:56:46.0221 3476        RasSstp - ok

12:56:46.0251 3476        rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

12:56:46.0281 3476        rdbss - ok

12:56:46.0306 3476        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

12:56:46.0320 3476        rdpbus - ok

12:56:46.0339 3476        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

12:56:46.0365 3476        RDPCDD - ok

12:56:46.0429 3476        RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

12:56:46.0500 3476        RDPDR - ok

12:56:46.0539 3476        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

12:56:46.0563 3476        RDPENCDD - ok

12:56:46.0592 3476        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

12:56:46.0648 3476        RDPREFMP - ok

12:56:46.0698 3476        RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

12:56:46.0729 3476        RDPWD - ok

12:56:46.0764 3476        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

12:56:46.0776 3476        rdyboost - ok

12:56:46.0833 3476        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

12:56:46.0889 3476        RemoteAccess - ok

12:56:46.0954 3476        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

12:56:46.0986 3476        RemoteRegistry - ok

12:56:47.0024 3476        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

12:56:47.0049 3476        RpcEptMapper - ok

12:56:47.0108 3476        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

12:56:47.0134 3476        RpcLocator - ok

12:56:47.0173 3476        RpcSs           (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

12:56:47.0203 3476        RpcSs - ok

12:56:47.0325 3476        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

12:56:47.0349 3476        rspndr - ok

12:56:47.0425 3476        RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys

12:56:47.0439 3476        RTL8167 - ok

12:56:47.0494 3476        s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

12:56:47.0511 3476        s3cap - ok

12:56:47.0563 3476        SamSs           (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

12:56:47.0575 3476        SamSs - ok

12:56:47.0615 3476        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

12:56:47.0625 3476        sbp2port - ok

12:56:47.0697 3476        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

12:56:47.0755 3476        SCardSvr - ok

12:56:47.0796 3476        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

12:56:47.0845 3476        scfilter - ok

12:56:47.0913 3476        Schedule        (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll

12:56:47.0970 3476        Schedule - ok

12:56:48.0029 3476        SCPolicySvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

12:56:48.0053 3476        SCPolicySvc - ok

12:56:48.0111 3476        SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll

12:56:48.0170 3476        SDRSVC - ok

12:56:48.0272 3476        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

12:56:48.0321 3476        secdrv - ok

12:56:48.0362 3476        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

12:56:48.0407 3476        seclogon - ok

12:56:48.0457 3476        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

12:56:48.0512 3476        SENS - ok

12:56:48.0611 3476        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

12:56:48.0675 3476        SensrSvc - ok

12:56:48.0784 3476        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

12:56:48.0794 3476        Serenum - ok

12:56:48.0826 3476        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

12:56:48.0847 3476        Serial - ok

12:56:48.0896 3476        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

12:56:48.0907 3476        sermouse - ok

12:56:48.0974 3476        SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll

12:56:49.0027 3476        SessionEnv - ok

12:56:49.0059 3476        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

12:56:49.0093 3476        sffdisk - ok

12:56:49.0128 3476        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

12:56:49.0141 3476        sffp_mmc - ok

12:56:49.0160 3476        sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

12:56:49.0192 3476        sffp_sd - ok

12:56:49.0209 3476        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

12:56:49.0232 3476        sfloppy - ok

12:56:49.0283 3476        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

12:56:49.0314 3476        SharedAccess - ok

12:56:49.0388 3476        ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll

12:56:49.0427 3476        ShellHWDetection - ok

12:56:49.0464 3476        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

12:56:49.0475 3476        sisagp - ok

12:56:49.0518 3476        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

12:56:49.0528 3476        SiSRaid2 - ok

12:56:49.0558 3476        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

12:56:49.0567 3476        SiSRaid4 - ok

12:56:49.0598 3476        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

12:56:49.0653 3476        Smb - ok

12:56:49.0751 3476        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

12:56:49.0765 3476        SNMPTRAP - ok

12:56:49.0792 3476        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

12:56:49.0802 3476        spldr - ok

12:56:49.0887 3476        Spooler         (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe

12:56:49.0916 3476        Spooler - ok

12:56:49.0933 3476        sppsvc - ok

12:56:49.0949 3476        sppuinotify - ok

12:56:50.0013 3476        srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

12:56:50.0051 3476        srv - ok

12:56:50.0118 3476        srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

12:56:50.0158 3476        srv2 - ok

12:56:50.0215 3476        srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

12:56:50.0250 3476        srvnet - ok

12:56:50.0311 3476        SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

12:56:50.0338 3476        SSDPSRV - ok

12:56:50.0397 3476        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

12:56:50.0404 3476        ssmdrv - ok

12:56:50.0431 3476        SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

12:56:50.0469 3476        SstpSvc - ok

12:56:50.0527 3476        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

12:56:50.0536 3476        stexstor - ok

12:56:50.0571 3476        StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll

12:56:50.0607 3476        StiSvc - ok

12:56:50.0676 3476        storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

12:56:50.0686 3476        storflt - ok

12:56:50.0741 3476        StorSvc         (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll

12:56:50.0772 3476        StorSvc - ok

12:56:50.0810 3476        storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

12:56:50.0819 3476        storvsc - ok

12:56:50.0881 3476        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

12:56:50.0890 3476        swenum - ok

12:56:50.0967 3476        swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

12:56:50.0998 3476        swprv - ok

12:56:51.0039 3476        SysMain         (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll

12:56:51.0103 3476        SysMain - ok

12:56:51.0143 3476        TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll

12:56:51.0181 3476        TabletInputService - ok

12:56:51.0225 3476        TapiSrv         (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll

12:56:51.0254 3476        TapiSrv - ok

12:56:51.0284 3476        TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

12:56:51.0332 3476        TBS - ok

12:56:51.0453 3476        Tcpip           (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys

12:56:51.0507 3476        Tcpip - ok

12:56:51.0561 3476        TCPIP6          (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys

12:56:51.0589 3476        TCPIP6 - ok

12:56:51.0659 3476        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

12:56:51.0705 3476        tcpipreg - ok

12:56:51.0750 3476        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

12:56:51.0797 3476        TDPIPE - ok

12:56:51.0837 3476        TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

12:56:51.0888 3476        TDTCP - ok

12:56:51.0932 3476        tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

12:56:51.0987 3476        tdx - ok

12:56:52.0030 3476        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

12:56:52.0041 3476        TermDD - ok

12:56:52.0112 3476        TermService     (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll

12:56:52.0160 3476        TermService - ok

12:56:52.0183 3476        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

12:56:52.0200 3476        Themes - ok

12:56:52.0261 3476        THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

12:56:52.0288 3476        THREADORDER - ok

12:56:52.0331 3476        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

12:56:52.0382 3476        TrkWks - ok

12:56:52.0481 3476        TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe

12:56:52.0496 3476        TrustedInstaller - ok

12:56:52.0603 3476        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

12:56:52.0627 3476        tssecsrv - ok

12:56:52.0663 3476        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

12:56:52.0688 3476        tunnel - ok

12:56:52.0721 3476        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

12:56:52.0732 3476        uagp35 - ok

12:56:52.0757 3476        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

12:56:52.0786 3476        udfs - ok

12:56:52.0854 3476        UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

12:56:52.0868 3476        UI0Detect - ok

12:56:52.0908 3476        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

12:56:52.0917 3476        uliagpkx - ok

12:56:52.0958 3476        umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

12:56:52.0978 3476        umbus - ok

12:56:53.0001 3476        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

12:56:53.0041 3476        UmPass - ok

12:56:53.0099 3476        UmRdpService    (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll

12:56:53.0113 3476        UmRdpService - ok

12:56:53.0176 3476        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

12:56:53.0206 3476        upnphost - ok

12:56:53.0265 3476        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

12:56:53.0312 3476        USBAAPL - ok

12:56:53.0394 3476        usbaudio        (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys

12:56:53.0409 3476        usbaudio - ok

12:56:53.0468 3476        usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

12:56:53.0504 3476        usbccgp - ok

12:56:53.0536 3476        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

12:56:53.0563 3476        usbcir - ok

12:56:53.0608 3476        usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

12:56:53.0651 3476        usbehci - ok

12:56:53.0708 3476        usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

12:56:53.0725 3476        usbhub - ok

12:56:53.0763 3476        usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

12:56:53.0787 3476        usbohci - ok

12:56:53.0805 3476        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

12:56:53.0820 3476        usbprint - ok

12:56:53.0860 3476        USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:56:53.0873 3476        USBSTOR - ok

12:56:53.0896 3476        usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

12:56:53.0925 3476        usbuhci - ok

12:56:53.0987 3476        UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

12:56:54.0036 3476        UxSms - ok

12:56:54.0120 3476        VaultSvc        (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

12:56:54.0131 3476        VaultSvc - ok

12:56:54.0163 3476        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

12:56:54.0172 3476        vdrvroot - ok

12:56:54.0202 3476        vds             (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe

12:56:54.0248 3476        vds - ok

12:56:54.0278 3476        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

12:56:54.0291 3476        vga - ok

12:56:54.0333 3476        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

12:56:54.0358 3476        VgaSave - ok

12:56:54.0400 3476        vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

12:56:54.0412 3476        vhdmp - ok

12:56:54.0468 3476        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

12:56:54.0479 3476        viaagp - ok

12:56:54.0498 3476        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

12:56:54.0520 3476        ViaC7 - ok

12:56:54.0565 3476        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

12:56:54.0574 3476        viaide - ok

12:56:54.0635 3476        vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

12:56:54.0647 3476        vmbus - ok

12:56:54.0677 3476        VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

12:56:54.0688 3476        VMBusHID - ok

12:56:54.0724 3476        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

12:56:54.0734 3476        volmgr - ok

12:56:54.0768 3476        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

12:56:54.0784 3476        volmgrx - ok

12:56:54.0809 3476        volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

12:56:54.0823 3476        volsnap - ok

12:56:54.0875 3476        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

12:56:54.0886 3476        vsmraid - ok

12:56:54.0962 3476        VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe

12:56:55.0028 3476        VSS - ok

12:56:55.0069 3476        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

12:56:55.0108 3476        vwifibus - ok

12:56:55.0168 3476        W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

12:56:55.0221 3476        W32Time - ok

12:56:55.0255 3476        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

12:56:55.0266 3476        WacomPen - ok

12:56:55.0311 3476        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

12:56:55.0336 3476        WANARP - ok

12:56:55.0346 3476        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

12:56:55.0372 3476        Wanarpv6 - ok

12:56:55.0449 3476        WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

12:56:55.0505 3476        WatAdminSvc - ok

12:56:55.0591 3476        wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe

12:56:55.0656 3476        wbengine - ok

12:56:55.0688 3476        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

12:56:55.0707 3476        WbioSrvc - ok

12:56:55.0741 3476        wcncsvc         (d0f88aa11ee1a62bcc6d6a8a7783ca11) C:\Windows\System32\wcncsvc.dll

12:56:55.0761 3476        wcncsvc - ok

12:56:55.0789 3476        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

12:56:55.0814 3476        WcsPlugInService - ok

12:56:55.0914 3476        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

12:56:55.0923 3476        Wd - ok

12:56:55.0964 3476        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

12:56:55.0987 3476        Wdf01000 - ok

12:56:56.0016 3476        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

12:56:56.0057 3476        WdiServiceHost - ok

12:56:56.0068 3476        WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

12:56:56.0083 3476        WdiSystemHost - ok

12:56:56.0138 3476        WebClient       (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll

12:56:56.0187 3476        WebClient - ok

12:56:56.0228 3476        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

12:56:56.0257 3476        Wecsvc - ok

12:56:56.0288 3476        wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

12:56:56.0335 3476        wercplsupport - ok

12:56:56.0407 3476        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

12:56:56.0433 3476        WerSvc - ok

12:56:56.0550 3476        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

12:56:56.0575 3476        WfpLwf - ok

12:56:56.0622 3476        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

12:56:56.0630 3476        WIMMount - ok

12:56:56.0750 3476        WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

12:56:56.0775 3476        WinDefend - ok

12:56:56.0789 3476        WinHttpAutoProxySvc - ok

12:56:56.0891 3476        Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

12:56:56.0916 3476        Winmgmt - ok

12:56:56.0994 3476        WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll

12:56:57.0082 3476        WinRM - ok

12:56:57.0166 3476        Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

12:56:57.0219 3476        Wlansvc - ok

12:56:57.0340 3476        wlcrasvc        (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

12:56:57.0348 3476        wlcrasvc - ok

12:56:57.0453 3476        wlidsvc         (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

12:56:57.0508 3476        wlidsvc - ok

12:56:57.0690 3476        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

12:56:57.0701 3476        WmiAcpi - ok

12:56:57.0804 3476        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

12:56:57.0830 3476        wmiApSrv - ok

12:56:57.0952 3476        WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe

12:56:58.0033 3476        WMPNetworkSvc - ok

12:56:58.0091 3476        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

12:56:58.0122 3476        WPCSvc - ok

12:56:58.0151 3476        WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll

12:56:58.0166 3476        WPDBusEnum - ok

12:56:58.0267 3476        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

12:56:58.0321 3476        ws2ifsl - ok

12:56:58.0369 3476        wscsvc          (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll

12:56:58.0413 3476        wscsvc - ok

12:56:58.0429 3476        WSearch - ok

12:56:58.0511 3476        wuauserv        (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll

12:56:58.0591 3476        wuauserv - ok

12:56:58.0613 3476        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

12:56:58.0652 3476        WudfPf - ok

12:56:58.0677 3476        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

12:56:58.0704 3476        WUDFRd - ok

12:56:58.0750 3476        wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll

12:56:58.0791 3476        wudfsvc - ok

12:56:58.0826 3476        WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

12:56:58.0872 3476        WwanSvc - ok

12:56:58.0920 3476        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

12:56:59.0077 3476        \Device\Harddisk0\DR0 - ok

12:56:59.0084 3476        Boot (0x1200)   (8f62431e572624191523d03ac111265e) \Device\Harddisk0\DR0\Partition0

12:56:59.0085 3476        \Device\Harddisk0\DR0\Partition0 - ok

12:56:59.0157 3476        Boot (0x1200)   (b9d072367bb973e2a4c177b15bb9d43f) \Device\Harddisk0\DR0\Partition1

12:56:59.0158 3476        \Device\Harddisk0\DR0\Partition1 - ok

12:56:59.0162 3476        ============================================================

12:56:59.0162 3476        Scan finished

12:56:59.0162 3476        ============================================================

12:56:59.0219 3988        Detected object count: 2

12:56:59.0219 3988        Actual detected object count: 2

12:57:33.0742 3988        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user

12:57:33.0742 3988        AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

12:57:33.0747 3988        avmeject ( UnsignedFile.Multi.Generic ) - skipped by user

12:57:33.0747 3988        avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Okidoki, hier die Logdatei von dem ComboFix:

Combofix Logfile:

Code:

ComboFix 12-03-29.02 - Sophie 29.03.2012  18:25:30.1.2 - x86

Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3071.1809 [GMT 2:00]

ausgeführt von:: c:\users\Sophie\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Setup.exe

c:\programdata\app

c:\programdata\app\Mosaizer Pro 8\Libraries\Abschlussball =)(sophie s) 105.dat

c:\programdata\app\Mosaizer Pro 8\Libraries\Abschlussball =)(sophie s) 105.lst

c:\programdata\app\Mosaizer Pro 8\Libraries\AUSFLÜGE FERIEN REISEN =) 7264.dat

c:\programdata\app\Mosaizer Pro 8\Libraries\AUSFLÜGE FERIEN REISEN =) 7264.lst

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0001.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0002.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0003.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0004.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0005.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0006.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0007.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0008.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0009.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0010.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0011.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0012.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0013.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0014.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0015.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0016.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0017.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0018.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0019.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0020.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0021.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0022.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0023.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0024.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0025.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0026.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0027.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0028.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0029.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0030.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0031.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0032.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0033.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0034.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0035.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0036.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0037.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0038.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0039.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0040.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0041.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0042.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0043.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0044.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0045.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0046.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0047.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0048.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0049.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0050.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0051.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0052.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0053.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0054.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0055.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0056.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0057.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0058.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0059.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0060.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0061.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0062.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0063.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0064.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0065.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0066.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0067.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0068.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0069.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0070.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0071.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0072.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0073.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0074.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0075.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0076.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0077.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0078.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0079.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0080.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0081.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0082.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0083.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0084.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0085.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0086.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0087.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0088.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0089.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0090.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0091.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0092.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0093.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0094.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0095.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0096.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0097.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0098.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0099.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0100.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0101.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0102.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0103.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0104.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0105.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0106.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0107.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0108.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0109.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0110.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0111.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0112.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0113.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0114.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0115.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0116.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0117.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0118.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0119.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0120.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0121.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0122.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0123.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0124.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0125.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0126.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0127.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0128.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0129.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0130.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0131.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0132.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0133.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0134.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0135.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0136.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0137.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0138.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0139.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0140.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0141.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0142.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0143.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0144.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0145.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0146.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0147.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0148.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0149.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0150.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0151.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0152.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0153.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0154.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0155.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0156.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0157.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0158.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0159.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0160.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0161.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0162.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0163.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0164.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0165.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0166.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0167.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0168.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0169.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0170.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0171.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0172.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0173.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0174.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0175.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0176.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0177.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0178.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0179.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0180.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0181.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0182.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0183.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0184.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0185.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0186.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0187.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0188.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0189.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0190.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0191.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0192.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0193.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0194.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0195.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0196.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0197.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0198.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0199.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0200.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0201.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0202.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0203.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0204.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0205.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0206.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0207.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0208.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0209.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0210.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0211.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0212.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0213.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0214.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0215.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0216.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0217.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0218.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0219.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0220.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0221.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0222.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0223.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0224.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0225.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0226.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0227.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0228.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0229.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0230.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0231.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0232.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0233.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0234.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0235.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0236.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0237.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0238.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0239.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0240.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0241.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0242.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0243.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0244.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0245.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0246.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0247.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0248.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0249.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0250.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0251.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0252.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0253.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0254.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0255.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0256.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0257.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0258.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0259.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0260.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0261.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0262.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0263.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0264.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0265.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0266.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0267.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0268.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0269.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0270.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0271.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0272.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0273.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0274.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0275.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0276.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0277.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0278.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0279.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0280.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0281.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0282.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0283.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0284.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0285.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0286.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0287.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0288.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0289.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0290.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0291.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0292.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0293.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0294.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0295.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0296.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0297.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0298.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0299.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0300.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0301.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0302.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0303.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0304.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0305.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0306.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0307.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0308.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0309.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0310.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0311.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0312.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0313.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0314.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0315.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0316.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0317.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0318.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0319.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0320.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0321.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0322.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0323.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0324.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0325.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0326.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0327.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0328.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0329.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0330.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0331.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0332.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0333.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0334.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0335.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0336.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0337.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0338.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0339.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0340.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0341.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0342.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0343.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0344.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0345.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0346.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0347.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0348.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0349.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0350.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0351.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0352.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0353.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0354.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0355.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0356.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0357.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0358.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0359.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0360.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0361.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0362.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0363.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0364.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0365.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0366.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0367.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0368.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0369.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0370.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0371.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0372.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0373.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0374.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0375.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0376.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0377.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0378.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0379.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0380.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0381.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0382.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0383.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0384.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0385.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0386.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0387.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0388.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0389.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0390.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0391.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0392.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0393.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0394.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0395.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0396.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0397.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0398.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0399.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0400.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0401.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0402.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0403.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0404.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0405.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0406.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0407.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0408.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0409.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0410.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0411.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0412.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0413.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0414.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0415.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0416.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0417.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0418.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0419.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0420.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0421.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0422.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0423.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0424.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0425.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0426.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0427.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0428.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0429.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0430.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0431.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0432.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0433.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0434.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0435.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0436.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0437.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0438.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0439.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0440.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0441.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0442.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0443.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0444.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0445.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0446.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0447.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0448.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0449.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0450.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0451.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0452.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0453.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0454.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0455.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0456.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0457.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0458.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0459.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0460.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0461.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0462.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0463.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0464.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0465.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0466.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0467.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0468.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0469.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0470.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0471.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0472.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0473.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0474.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0475.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0476.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0477.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0478.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0479.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0480.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0481.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0482.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0483.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0484.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0485.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0486.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0487.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0488.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0489.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0490.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0491.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0492.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0493.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0494.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0495.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0496.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0497.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0498.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0499.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0500.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0501.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0502.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0503.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0504.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0505.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0506.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0507.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0508.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0509.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0510.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0511.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0512.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0513.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0514.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0515.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0516.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0517.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0518.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0519.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0520.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0521.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0522.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0523.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0524.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0525.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0526.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0527.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0528.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0529.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0530.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0531.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0532.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0533.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0534.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0535.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0536.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0537.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0538.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0539.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0540.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0541.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0542.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0543.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0544.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0545.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0546.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0547.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0548.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0549.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0550.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0551.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0552.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0553.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0554.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0555.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0556.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0557.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0558.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0559.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0560.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0561.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0562.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0563.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0564.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0565.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0566.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0567.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0568.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0569.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0570.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0571.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0572.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0573.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0574.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0575.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0576.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0577.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0578.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0579.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0580.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0581.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0582.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0583.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0584.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0585.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0586.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0587.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0588.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0589.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0590.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0591.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0592.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0593.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0594.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0595.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0596.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0597.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0598.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0599.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0600.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0601.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0602.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0603.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0604.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0605.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0606.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0607.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0608.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0609.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0610.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0611.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0612.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0613.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0614.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0615.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0616.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0617.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0618.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0619.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0620.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0621.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0622.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0623.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0624.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0625.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0626.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0627.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0628.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0629.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0630.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0631.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0632.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0633.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0634.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0635.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0636.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0637.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0638.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0639.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0640.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0641.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0642.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0643.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0644.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0645.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0646.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0647.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0648.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0649.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0650.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0651.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0652.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0653.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0654.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0655.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0656.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0657.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0658.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0659.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0660.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0661.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0662.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0663.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0664.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0665.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0666.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0667.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0668.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0669.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0670.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0671.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0672.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0673.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0674.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0675.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0676.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0677.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0678.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0679.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0680.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0681.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0682.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0683.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0684.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0685.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0686.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0687.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0688.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0689.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0690.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0691.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0692.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0693.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0694.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0695.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0696.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0697.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0698.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0699.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0700.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0701.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0702.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0703.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0704.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0705.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0706.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0707.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0708.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0709.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0710.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0711.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0712.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0713.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0714.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0715.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0716.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0717.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0718.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0719.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0720.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0721.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0722.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0723.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0724.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0725.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0726.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0727.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0728.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0729.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0730.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0731.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0732.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0733.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0734.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0735.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0736.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0737.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0738.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0739.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0740.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0741.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0742.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0743.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0744.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0745.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0746.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0747.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0748.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0749.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0750.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0751.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0752.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0753.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0754.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0755.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0756.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0757.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0758.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0759.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0760.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0761.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0762.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0763.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0764.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0765.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0766.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0767.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0768.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0769.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0770.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0771.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0772.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0773.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0774.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0775.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0776.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0777.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0778.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0779.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0780.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0781.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0782.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0783.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0784.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0785.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0786.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0787.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0788.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0789.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0790.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0791.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0792.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0793.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0794.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0795.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0796.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0797.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0798.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0799.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0800.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0801.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0802.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0803.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0804.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0805.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0806.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0807.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0808.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0809.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0810.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0811.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0812.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0813.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0814.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0815.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0816.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0817.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0818.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0819.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0820.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0821.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0822.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0823.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0824.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0825.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0826.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0827.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0828.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0829.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0830.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0831.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0832.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0833.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0834.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0835.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0836.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0837.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0838.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0839.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0840.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0841.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0842.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0843.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0844.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0845.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0846.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0847.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0848.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0849.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0850.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0851.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0852.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0853.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0854.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0855.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0856.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0857.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0858.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0859.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0860.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0861.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0862.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0863.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0864.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0865.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0866.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0867.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0868.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0869.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0870.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0871.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0872.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0873.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0874.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0875.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0876.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0877.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0878.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0879.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0880.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0881.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0882.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0883.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0884.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0885.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0886.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0887.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0888.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0889.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0890.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0891.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0892.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0893.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0894.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0895.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0896.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0897.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0898.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0899.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0900.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0901.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0902.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0903.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0904.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0905.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0906.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0907.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0908.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0909.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0910.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0911.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0912.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0913.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0914.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0915.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0916.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0917.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0918.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0919.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0920.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0921.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0922.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0923.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0924.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0925.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0926.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0927.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0928.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0929.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0930.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0931.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0932.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0933.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0934.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0935.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0936.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0937.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0938.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0939.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0940.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0941.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0942.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0943.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0944.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0945.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0946.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0947.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0948.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0949.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0950.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0951.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0952.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0953.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0954.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0955.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0956.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0957.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0958.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0959.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0960.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0961.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0962.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0963.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0964.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0965.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0966.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0967.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0968.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0969.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0970.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0971.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0972.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0973.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0974.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0975.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0976.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0977.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0978.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0979.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0980.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0981.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0982.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0983.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0984.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0985.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0986.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0987.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0988.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0989.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0990.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0991.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0992.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0993.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0994.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0995.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0996.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0997.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0998.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_0999.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1000.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1001.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1002.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1003.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1004.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1005.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1006.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1007.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1008.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1009.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1010.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1011.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1012.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1013.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1014.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1015.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1016.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1017.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1018.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1019.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1020.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1021.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1022.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1023.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1024.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1025.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1026.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1027.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1028.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1029.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1030.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1031.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1032.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1033.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1034.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1035.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1036.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1037.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1038.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1039.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1040.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1041.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1042.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1043.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1044.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1045.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1046.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1047.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1048.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1049.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1050.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1051.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1052.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1053.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1054.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1055.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1056.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1057.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1058.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1059.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1060.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1061.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1062.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1063.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1064.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1065.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1066.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1067.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1068.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1069.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1070.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1071.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1072.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1073.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1074.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1075.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1076.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1077.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1078.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1079.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1080.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1081.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1082.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1083.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1084.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1085.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1086.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1087.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1088.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1089.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1090.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1091.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1092.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1093.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1094.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1095.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1096.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1097.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1098.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1099.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1100.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1101.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\ColorLib\ColorLib_1102.jpg

c:\programdata\app\Mosaizer Pro 8\Libraries\KALENDER oma t+t k+m 97.dat

c:\programdata\app\Mosaizer Pro 8\Libraries\KALENDER oma t+t k+m 97.lst

c:\programdata\app\Mosaizer Pro 8\Libraries\skiurlaub 474.dat

c:\programdata\app\Mosaizer Pro 8\Libraries\skiurlaub 474.lst

c:\programdata\app\Mosaizer Pro 8\Sources\MosaizerPro.log

C:\uninstall.exe

c:\users\Sophie\AppData\Roaming\Local

c:\users\Sophie\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\Sophie\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi

c:\users\Sophie\AppData\Roaming\Local\Temp\DDM\Settings\exp-onetreehillxvid-s06e05.avi.ddr

c:\users\Sophie\AppData\Roaming\Local\Temp\DDM\Settings\exp_onetreehillxvid_s06e05.avi.ddr

c:\users\Sophie\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\Sophie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\exp-onetreehillxvid-s06e05.avi.ddp

c:\users\Sophie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\exp_onetreehillxvid_s06e05.avi.ddp

c:\windows\system32\sppsvc_old.exe.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))

.

.

2012-03-29 16:42 . 2012-03-29 16:42        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-03-27 21:40 . 2012-03-27 21:40        --------        d-----w-        C:\_OTL

2012-03-26 11:28 . 2012-03-26 11:28        --------        d-----w-        c:\program files\CCleaner

2012-03-24 12:33 . 2012-03-24 12:33        --------        d-----w-        c:\program files\VS Revo Group

2012-03-20 17:58 . 2012-03-20 17:58        --------        d-----w-        c:\program files\ESET

2012-03-20 17:52 . 2012-03-20 17:52        --------        d-----w-        c:\users\Sophie\AppData\Roaming\Malwarebytes

2012-03-20 17:52 . 2012-03-20 17:52        --------        d-----w-        c:\programdata\Malwarebytes

2012-03-20 17:52 . 2012-03-20 17:52        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-03-20 17:52 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-03-20 17:45 . 2012-03-20 17:45        --------        d-----w-        c:\program files\7-Zip

2012-03-06 12:49 . 2012-03-08 18:17        45016        ----a-w-        c:\program files\Mozilla Firefox\mozutils.dll

2012-03-06 12:49 . 2012-03-06 12:49        626688        ----a-w-        c:\program files\Mozilla Firefox\msvcr80.dll

2012-03-06 12:49 . 2012-03-06 12:49        548864        ----a-w-        c:\program files\Mozilla Firefox\msvcp80.dll

2012-03-06 12:49 . 2012-03-06 12:49        479232        ----a-w-        c:\program files\Mozilla Firefox\msvcm80.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-04 11:36 . 2011-05-22 10:48        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-01-09 16:18 . 2011-01-09 16:18        50        ----a-w-        c:\program files\install.bat

2011-01-09 16:18 . 2011-01-09 16:18        39        ----a-w-        c:\program files\uninstall.bat

2010-09-05 14:24 . 2011-01-09 00:30        19657194        ----a-w-        c:\program files\vlc-1.1.4-win32.exe

2003-07-14 15:09 . 2011-01-09 16:18        1822520        ------w-        c:\program files\instmsiw.exe

2003-07-14 15:09 . 2011-01-09 16:18        1708856        ------w-        c:\program files\instmsia.exe

2003-07-14 15:09 . 2011-01-09 16:18        1150976        ------w-        c:\program files\hpbtpg.exe

2003-07-14 15:09 . 2011-01-09 16:16        10990268        ------w-        c:\program files\hp LaserJet 1010 Series.msi

2012-03-08 18:17 . 2011-05-06 11:24        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]

"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]

"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-23 127040]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2009-04-23 1904640]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 136176]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2009-04-23 4352]

R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2009-04-23 440832]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 136176]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-06 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]

S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 21:10]

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 21:10]

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3419469167-732743675-4181630984-1000Core.job

- c:\users\Sophie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 18:52]

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3419469167-732743675-4181630984-1000UA.job

- c:\users\Sophie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 18:52]

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyOverride = *.local

IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\jppsct5r.default\

FF - prefs.js: browser.startup.homepage - google.de

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-03-29  18:44:27

ComboFix-quarantined-files.txt  2012-03-29 16:44

.

Vor Suchlauf: 13 Verzeichnis(se), 164.306.309.120 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 164.222.365.696 Bytes frei

.

- - End Of File - - 67646A55BABC28C502BE99F0D86848D8

--- --- ---

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Okay, danke schonmal für die hilfe :)
nicht wundern, dass ich nächste Woche nix mehr mache, komme bis zum 9. April nicht mehr an meinen PC, dannach mach ich dann weiter :)

Ok, melde dich dann einfach wieder, ich seh das sofort wenn du hier wieder antwortest
Schönen Urlaub (oder so :lach: )

Danke für deine Hilfe, mein Problem wurde allerdings inzwischen schon behoben.