Trojaner-Board


itsme42 24.06.2012 16:00

BUNDESPOLIZEI / Your computer has been locked
 
Hello dear Trojaner-Board team,

On Thursday my son called me, completely distraught, saying that the computer had suddenly been locked by the Bundespolizei (Federal Police) and that he has to pay a fine of 100 €.

The screen looks like this:

[IMG]F:\Trojaner-SW\SW für Bereinigung und Logging\Screenshot\bundespolizei.png[/IMG]

However, the lock only appears when logged in under his user account.
When logging in as Administrator or under my daughter's user account, the laptop works normally.

When I try to open the Task Manager via Ctrl+Alt+Del, it closes again immediately.

I downloaded and installed the program Malwarebytes "Anti-Malware". I ran the program several times, because it kept finding infected files.
However, it did not manage to clean the computer. The lock is still there.

Now, as you requested, I have installed OTL by OldTimer and copied the contents of the log files into the thread. In addition, I have zipped all the log files from "Anti-Malware" and uploaded them as an attachment.

Here is the content of OTL.txt:

OTL logfile created on: 24.06.2012 15:10:35 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = E:\Trojaner-SW\SW für Bereinigung und Logging\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 65,05% Memory free
7,86 Gb Paging File | 6,48 Gb Available in Paging File | 82,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,78 Gb Total Space | 147,18 Gb Free Space | 66,66% Space Free | Partition Type: NTFS
Drive D: | 8,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 7,47 Gb Total Space | 0,04 Gb Free Space | 0,49% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: K&S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\Trojaner-SW\SW für Bereinigung und Logging\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Sun\StarOffice 8\program\soffice.BIN (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Sun\StarOffice 8\program\soffice.exe (Sun Microsystems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Sun\StarOffice 8\program\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ePowerSvc) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536373

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=604962b5000000000000964ce51719e9
IE - HKCU\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=604962b5000000000000964ce51719e9
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE359
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536373
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "ClipGrab Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "ClipGrab Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.net"
FF - prefs.js..extensions.enabledItems: {e36df325-3f4b-476f-8f89-123bc5d51a30}:3.10.0.1
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.6.1.02
FF - prefs.js..extensions.enabledItems: crossriderapp2258@crossrider.com:0.80.26
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=604962b5000000000000964ce51719e9&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.01.31 22:33:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG2012\Firefox\ [2012.01.31 22:33:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.31 20:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.18 12:03:10 | 000,000,000 | ---D | M]

[2012.04.02 17:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K&S\AppData\Roaming\mozilla\Extensions
[2012.05.02 17:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions
[2012.04.02 17:16:59 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2012.02.14 19:44:52 | 000,000,000 | ---D | M] (ClipGrab Community Toolbar) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}
[2012.05.02 17:41:57 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.05.02 17:41:51 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com
[2012.05.02 17:41:24 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com
[2012.01.31 22:13:16 | 000,000,919 | ---- | M] () -- C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\conduit.xml
[2012.04.02 17:16:55 | 000,002,515 | ---- | M] () -- C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\Search_Results.xml
[2012.05.02 17:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.01 19:45:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.27 18:17:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.07 09:50:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.23 18:38:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.04.02 17:17:07 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.02 10:31:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.02 17:41:14 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2009.12.02 10:31:53 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.02 10:31:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.02 17:16:55 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2009.12.02 10:31:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.02 10:31:53 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (DataMngr) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\BROWSE~1.DLL (MusicLab, LLC)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (DataMngr) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL (MusicLab, LLC)
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O3 - HKLM\..\Toolbar: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ClipGrab Toolbar) - {E36DF325-3F4B-476F-8F89-123BC5D51A30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] C:\Windows\SysNative\OEM\_NowIntoDT.vbs ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE (MusicLab, LLC)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4:64bit: - HKLM..\RunOnce: [PLD_FrameworkRunOnce] C:\Windows\SysNative\OEM\_waitAndLaunch_PLD_Framework_NoWait.vbs ()
O4 - HKCU..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Users\K&S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\K&S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Program Files (x86)\Sun\StarOffice 8\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2656828D-ABED-4F66-B0DB-06D35E1235BD}: DhcpNameServer = 192.168.0.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{603111CC-77CA-49D2-A2CA-01C63F2F0D2C}: DhcpNameServer = 192.168.0.253
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll (MusicLab, LLC)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.21 19:52:15 | 000,000,000 | ---D | C] -- C:\Users\K&S\AppData\Roaming\Malwarebytes
[2012.06.21 19:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.21 19:52:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.21 19:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.21 19:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.21 15:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\mcrpgfzsodfwmdp
[2012.06.09 21:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.09 21:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.09 20:55:39 | 000,000,000 | ---D | C] -- C:\xmldm
[2012.06.01 20:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\mxrugfrsddjwbdp
[2009.10.24 11:17:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2012.06.24 15:10:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.24 15:10:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.24 15:07:55 | 000,000,000 | ---- | M] () -- C:\Users\K&S\defogger_reenable
[2012.06.24 15:07:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.24 15:06:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.24 15:03:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.24 15:03:00 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.24 14:37:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4284497293-1136568860-3551687546-1002UA.job
[2012.06.24 14:30:45 | 100,677,902 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.06.21 19:53:32 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.21 19:53:32 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.21 19:53:32 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.21 19:53:32 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.21 19:53:32 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.21 19:52:08 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.21 15:37:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4284497293-1136568860-3551687546-1002Core.job
[2012.06.21 15:02:49 | 000,000,052 | ---- | M] () -- C:\ProgramData\ssrahfwjarrbynh
[2012.06.21 15:02:42 | 000,065,536 | ---- | M] () -- C:\ProgramData\fzvdabqn.exe
[2012.06.21 15:02:42 | 000,065,536 | ---- | M] () -- C:\ProgramData\dolzowms.exe
[2012.06.15 17:43:24 | 000,297,344 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.06.09 22:13:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.09 22:13:40 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.09 21:56:52 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.01 20:18:34 | 000,000,448 | ---- | M] () -- C:\ProgramData\snrfhfojprvbnnh

========== Files Created - No Company Name ==========

[2012.06.24 15:07:55 | 000,000,000 | ---- | C] () -- C:\Users\K&S\defogger_reenable
[2012.06.21 19:52:08 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.21 15:02:49 | 000,065,536 | ---- | C] () -- C:\ProgramData\dolzowms.exe
[2012.06.21 15:02:48 | 000,065,536 | ---- | C] () -- C:\ProgramData\fzvdabqn.exe
[2012.06.21 15:02:43 | 000,000,052 | ---- | C] () -- C:\ProgramData\ssrahfwjarrbynh
[2012.06.09 21:56:52 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.01 20:18:28 | 000,000,448 | ---- | C] () -- C:\ProgramData\snrfhfojprvbnnh
[2011.06.18 11:24:26 | 000,000,206 | ---- | C] () -- C:\Windows\disneysy.ini
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2009.12.26 16:32:27 | 000,000,000 | -HSD | M] -- C:\Users\K&S\AppData\Roaming\.#
[2012.05.05 09:52:39 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\.minecraft
[2011.07.01 15:38:11 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Ancient Quest of Saqqarah__city
[2012.01.29 15:04:26 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\AVG2012
[2012.05.02 17:41:04 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Babylon
[2011.06.18 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Disney Interactive Studios
[2009.12.13 14:59:53 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\GameConsole
[2012.03.31 16:52:31 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\MAGIX
[2010.03.31 16:34:18 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Mp3tag
[2011.12.01 19:50:58 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\OpenOffice.org
[2012.06.24 15:06:44 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\StarOffice8
[2011.07.01 15:27:33 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\StoneLoopsCT
[2011.11.14 18:31:07 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Windows Live Writer
[2012.06.20 13:41:46 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:444C53BA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93DE1838

< End of report >


I hope you can help me.
Many thanks in advance for your help,

Michael (itsme42)

cosinus 28.06.2012 10:33

Quote:

The screen looks as follows:

[IMG]F:\Trojaner-SW\SW für Bereinigung und Logging\Screenshot\bundespolizei.png[/IMG]

Funny, you're trying to link an image that is stored locally on your computer here in the forum? That can't work :D


Please run ESET as well, then we'll see where to go from there.

Note: ESET quite often shows a few false alarms. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator
  • Deactivate your anti-virus program during the scan.

    Press the button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box next to Yes, I accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick the box next to "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: If you are using 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

itsme42 28.06.2012 20:17

Hello cosinus,
thanks in advance for being willing to help us.

I installed ESET and started the scan.
Here is the result from the log file:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 06:48:30
# local_time=2012-06-28 08:48:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 13064088 13064088 0 0
# compatibility_mode=5893 16776574 66 85 41894759 92532516 0 0
# compatibility_mode=8192 67108863 100 0 272 272 0 0
# scanned=181755
# found=22
# cleaned=0
# scan_time=6643
C:\$Recycle.Bin\S-1-5-21-4284497293-1136568860-3551687546-1000\$R038245.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-4284497293-1136568860-3551687546-1002\$RRG7J0R.exe probably a variant of Win32/Adware.LXVWVIE application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\dolzowms.exe a variant of Win32/Kryptik.AHHK trojan (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\fzvdabqn.exe a variant of Win32/Kryptik.AHHK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\dolzowms.exe a variant of Win32/Kryptik.AHHK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\fzvdabqn.exe a variant of Win32/Kryptik.AHHK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sebastian\AppData\Local\Temp\jar_cache6378937210097912766.tmp a variant of Java/Agent.EP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sebastian\AppData\Local\Temp\V.class a variant of Java/Agent.EQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sebastian\AppData\Roaming\AcroIEHelpe145.dll Win32/Spy.Banker.YAT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Sebastian\AppData\Roaming\01048\components\AcroFF048.dll a variant of Win32/Spy.Banker.YAH trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Toolbar.SearchSuite application 00000000000000000000000000000000 I


I hope this helps us along ;-)

Regards
Michael

cosinus 29.06.2012 11:45

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

itsme42 29.06.2012 21:42

Hello Arne,
everything works again. Windows starts and runs normally.
The lock screen no longer appears.

The only thing I see is an empty folder named "BearShare" under All Programs.

Michael

cosinus 01.07.2012 14:45

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you really are working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


itsme42 01.07.2012 22:06

Hello Arne,
I ran the scan with OTL. Here is the log:

Code:

OTL logfile created on: 01.07.2012 21:53:08 - Run 2
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Michael\Downloads\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 69,05% Memory free
7,86 Gb Paging File | 6,57 Gb Available in Paging File | 83,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,78 Gb Total Space | 147,67 Gb Free Space | 66,89% Space Free | Partition Type: NTFS
Drive D: | 8,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: LAPTOP | User Name: K&S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael\Downloads\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Sun\StarOffice 8\program\soffice.BIN (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Sun\StarOffice 8\program\soffice.exe (Sun Microsystems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Sun\StarOffice 8\program\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ePowerSvc) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536373
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=604962b5000000000000964ce51719e9
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE359
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536373
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "ClipGrab Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "ClipGrab Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.net"
FF - prefs.js..extensions.enabledItems: {e36df325-3f4b-476f-8f89-123bc5d51a30}:3.10.0.1
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.6.1.02
FF - prefs.js..extensions.enabledItems: crossriderapp2258@crossrider.com:0.80.26
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=604962b5000000000000964ce51719e9&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.06.28 18:30:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG2012\Firefox\ [2012.06.28 18:28:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.28 18:28:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.31 20:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.18 12:03:10 | 000,000,000 | ---D | M]
 
[2012.04.02 17:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K&S\AppData\Roaming\mozilla\Extensions
[2012.05.02 17:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions
[2012.04.02 17:16:59 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2012.02.14 19:44:52 | 000,000,000 | ---D | M] (ClipGrab Community Toolbar) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}
[2012.05.02 17:41:57 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.05.02 17:41:51 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com
[2012.05.02 17:41:24 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com
[2012.01.31 22:13:16 | 000,000,919 | ---- | M] () -- C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\conduit.xml
[2012.04.02 17:16:55 | 000,002,515 | ---- | M] () -- C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\Search_Results.xml
[2012.05.02 17:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.01 19:45:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.27 18:17:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.07 09:50:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.23 18:38:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.04.02 17:17:07 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.02 10:31:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.02 17:41:14 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2009.12.02 10:31:53 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.02 10:31:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.02 17:16:55 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2009.12.02 10:31:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.02 10:31:53 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (DataMngr) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\BROWSE~1.DLL (MusicLab, LLC)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (DataMngr) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL (MusicLab, LLC)
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O3 - HKLM\..\Toolbar: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\Toolbar\WebBrowser: (ClipGrab Toolbar) - {E36DF325-3F4B-476F-8F89-123BC5D51A30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] C:\Windows\SysNative\OEM\_NowIntoDT.vbs ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE (MusicLab, LLC)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [PLD_FrameworkRunOnce] C:\Windows\SysNative\OEM\_waitAndLaunch_PLD_Framework_NoWait.vbs ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Users\K&S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\K&S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Program Files (x86)\Sun\StarOffice 8\program\quickstart.exe ()
O4 - Startup: C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Program Files (x86)\Sun\StarOffice 8\program\quickstart.exe ()
O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Program Files (x86)\Sun\StarOffice 8\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2656828D-ABED-4F66-B0DB-06D35E1235BD}: DhcpNameServer = 192.168.0.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{603111CC-77CA-49D2-A2CA-01C63F2F0D2C}: DhcpNameServer = 192.168.0.253
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll (MusicLab, LLC)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.28 18:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.28 18:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.06.28 18:27:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.21 19:52:15 | 000,000,000 | ---D | C] -- C:\Users\K&S\AppData\Roaming\Malwarebytes
[2012.06.21 19:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.21 19:52:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.21 19:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.21 19:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.21 15:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\mcrpgfzsodfwmdp
[2012.06.09 21:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.09 21:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.09 20:55:39 | 000,000,000 | ---D | C] -- C:\xmldm
[2009.10.24 11:17:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.01 21:42:12 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.01 21:42:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.01 21:42:05 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4284497293-1136568860-3551687546-1002UA.job
[2012.07.01 21:42:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.01 20:31:25 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 20:31:25 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 20:24:24 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2012.07.01 20:24:05 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.01 17:56:34 | 100,891,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.07.01 17:56:14 | 000,297,379 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.06.28 18:41:48 | 000,033,758 | ---- | M] () -- C:\Users\K&S\AppData\Local\dt.dat
[2012.06.28 18:30:15 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.06.24 15:37:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4284497293-1136568860-3551687546-1002Core.job
[2012.06.24 15:07:55 | 000,000,000 | ---- | M] () -- C:\Users\K&S\defogger_reenable
[2012.06.21 19:53:32 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.21 19:53:32 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.21 19:53:32 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.21 19:53:32 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.21 19:53:32 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.21 19:52:08 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.21 15:02:49 | 000,000,052 | ---- | M] () -- C:\ProgramData\ssrahfwjarrbynh
[2012.06.21 15:02:42 | 000,065,536 | ---- | M] () -- C:\ProgramData\dolzowms.exe
[2012.06.09 21:56:52 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.01 20:24:24 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2012.06.28 18:41:48 | 000,033,758 | ---- | C] () -- C:\Users\K&S\AppData\Local\dt.dat
[2012.06.24 15:07:55 | 000,000,000 | ---- | C] () -- C:\Users\K&S\defogger_reenable
[2012.06.21 19:52:08 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.21 15:02:49 | 000,065,536 | ---- | C] () -- C:\ProgramData\dolzowms.exe
[2012.06.21 15:02:43 | 000,000,052 | ---- | C] () -- C:\ProgramData\ssrahfwjarrbynh
[2012.06.09 21:56:52 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.01 20:18:28 | 000,000,448 | ---- | C] () -- C:\ProgramData\snrfhfojprvbnnh
[2011.06.18 11:24:26 | 000,000,206 | ---- | C] () -- C:\Windows\disneysy.ini
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
 
========== LOP Check ==========
 
[2009.12.26 16:32:27 | 000,000,000 | -HSD | M] -- C:\Users\K&S\AppData\Roaming\.#
[2012.05.05 09:52:39 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\.minecraft
[2011.07.01 15:38:11 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Ancient Quest of Saqqarah__city
[2012.01.29 15:04:26 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\AVG2012
[2012.05.02 17:41:04 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Babylon
[2011.06.18 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Disney Interactive Studios
[2009.12.13 14:59:53 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\GameConsole
[2012.03.31 16:52:31 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\MAGIX
[2010.03.31 16:34:18 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Mp3tag
[2011.12.01 19:50:58 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\OpenOffice.org
[2012.07.01 21:42:19 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\StarOffice8
[2011.07.01 15:27:33 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\StoneLoopsCT
[2011.11.14 18:31:07 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Windows Live Writer
[2011.05.12 18:30:50 | 000,000,000 | -HSD | M] -- C:\Users\Kristina\AppData\Roaming\.#
[2012.01.29 15:04:26 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\AVG2012
[2011.06.19 18:10:36 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\Disney Interactive Studios
[2009.12.24 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\GameConsole
[2011.12.03 12:27:35 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\OpenOffice.org
[2009.12.26 22:34:12 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\PlayFirst
[2012.06.30 10:37:30 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\StarOffice8
[2009.12.26 12:01:48 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\ViquaSoft
[2011.09.13 17:38:14 | 000,000,000 | -HSD | M] -- C:\Users\Sebastian\AppData\Roaming\.#
[2012.06.09 12:40:04 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\.minecraft
[2012.06.09 17:48:14 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\01040
[2012.06.12 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\01041
[2012.06.13 14:45:40 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\01042
[2012.06.14 16:32:38 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\01043
[2012.06.15 19:45:05 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\01044
[2012.06.18 18:44:44 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\01046
[2012.06.19 13:41:49 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\01047
[2012.06.19 21:23:41 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\01048
[2012.01.29 15:04:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\AVG2012
[2011.06.23 12:43:57 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Disney Interactive Studios
[2009.12.24 20:31:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\GameConsole
[2012.06.09 17:48:01 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\kock
[2012.04.02 18:10:51 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\MAGIX
[2012.02.14 22:38:51 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\OpenOffice.org
[2009.12.26 21:48:24 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PlayFirst
[2012.07.01 18:47:51 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\StarOffice8
[2012.06.18 15:54:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\UAs
[2009.12.24 22:17:05 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ViquaSoft
[2012.06.18 15:55:06 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\xmldm
[2012.07.01 20:24:24 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2012.07.01 20:24:24 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.06.20 13:41:46 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.12.26 16:32:27 | 000,000,000 | -HSD | M] -- C:\Users\K&S\AppData\Roaming\.#
[2012.05.05 09:52:39 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\.minecraft
[2009.12.21 12:25:34 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Adobe
[2011.07.01 15:38:11 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Ancient Quest of Saqqarah__city
[2011.11.01 11:19:13 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Apple Computer
[2012.04.01 14:21:32 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\ArcSoft
[2012.01.29 15:04:26 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\AVG2012
[2012.05.02 17:41:04 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Babylon
[2011.06.18 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Disney Interactive Studios
[2012.03.31 18:28:28 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\DivX
[2011.06.18 18:39:46 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\dvdcss
[2009.12.13 14:59:53 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\GameConsole
[2009.12.13 18:10:08 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Google
[2009.12.13 14:52:41 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Identities
[2011.06.18 13:11:04 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\InstallShield
[2009.12.13 14:53:12 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Macromedia
[2012.03.31 16:52:31 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\MAGIX
[2012.06.21 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Media Center Programs
[2011.11.13 20:43:23 | 000,000,000 | --SD | M] -- C:\Users\K&S\AppData\Roaming\Microsoft
[2010.11.10 16:11:38 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Mozilla
[2010.03.31 16:34:18 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Mp3tag
[2011.12.01 19:50:58 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\OpenOffice.org
[2010.11.10 16:11:02 | 000,000,000 | RH-D | M] -- C:\Users\K&S\AppData\Roaming\SecuROM
[2012.07.01 21:42:19 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\StarOffice8
[2011.07.01 15:27:33 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\StoneLoopsCT
[2011.06.18 18:45:11 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\vlc
[2011.11.14 18:31:07 | 000,000,000 | ---D | M] -- C:\Users\K&S\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:444C53BA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93DE1838

< End of report >


I hope the format is correct.

Regards
Michael

cosinus 02.07.2012 11:51

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536373
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273612098445l03d4z1i5r48020278
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=604962b5000000000000964ce51719e9
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE359
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=350&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536373
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "ClipGrab Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "ClipGrab Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.net"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=604962b5000000000000964ce51719e9&q="
[2012.04.02 17:16:59 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2012.02.14 19:44:52 | 000,000,000 | ---D | M] (ClipGrab Community Toolbar) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}
[2012.05.02 17:41:57 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.05.02 17:41:51 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com
[2012.05.02 17:41:24 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com
[2012.01.31 22:13:16 | 000,000,919 | ---- | M] () -- C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\conduit.xml
[2012.04.02 17:16:55 | 000,002,515 | ---- | M] () -- C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\Search_Results.xml
[2012.04.02 17:17:07 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2012.05.02 17:41:14 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.04.02 17:16:55 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\BROWSE~1.DLL (MusicLab, LLC)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DataMngr) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL (MusicLab, LLC)
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll ()
O3 - HKLM\..\Toolbar: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\..\Toolbar\WebBrowser: (ClipGrab Toolbar) - {E36DF325-3F4B-476F-8F89-123BC5D51A30} - C:\Program Files (x86)\ClipGrab\prxtbCli0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE (MusicLab, LLC)
O4:64bit: - HKLM..\RunOnce: [PLD_FrameworkRunOnce] C:\Windows\SysNative\OEM\_waitAndLaunch_PLD_Framework_NoWait.vbs ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll (MusicLab, LLC)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
[2009.10.24 11:17:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2012.06.09 20:55:39 | 000,000,000 | ---D | C] -- C:\xmldm
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:444C53BA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93DE1838
:Files
C:\PROGRA~2\BEARSH~1
C:\Program Files (x86)\BabylonToolbar
C:\Users\K&S\AppData\Roaming\.#
C:\Users\Sebastian\AppData\Roaming\.#
C:\Users\Sebastian\AppData\Roaming\kock
C:\Users\Kristina\AppData\Roaming\.#
C:\ProgramData\ssrahfwjarrbynh
C:\ProgramData\dolzowms.exe
C:\Users\Sebastian\AppData\Roaming\UAs
C:\Users\Sebastian\AppData\Roaming\xmldm
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

itsme42 02.07.2012 21:02

Hello Arne,
I ran the scan with OTL.
Here is the content of the log file:

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ deleted successfully.
C:\Program Files (x86)\ClipGrab\prxtbCli0.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "ClipGrab Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2536373&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "ClipGrab Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.bearshare.net" removed from browser.startup.homepage
Prefs.js: ffxtlbr@babylon.com:1.2.0 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=604962b5000000000000964ce51719e9&q=" removed from keyword.URL
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\components folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\searchbar folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\options folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\radio folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\modules folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\lib folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\data\search folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\data folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\searchplugin folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\modules folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\META-INF folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\defaults folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\components folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30}\chrome folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30} folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\skin folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\locale\en-US folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\locale folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\defaults folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\chrome\content folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com\chrome folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\crossriderapp2258@crossrider.com folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\K&S\AppData\Roaming\mozilla\Firefox\Profiles\al0jc1yx.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\conduit.xml moved successfully.
C:\Users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\searchplugins\Search_Results.xml moved successfully.
C:\PROGRAM FILES (X86)\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES (X86)\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES (X86)\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\BROWSE~1.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found.
File C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e36df325-3f4b-476f-8f89-123bc5d51a30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e36df325-3f4b-476f-8f89-123bc5d51a30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E36DF325-3F4B-476F-8F89-123BC5D51A30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E36DF325-3F4B-476F-8F89-123BC5D51A30}\ not found.
File C:\Program Files (x86)\ClipGrab\prxtbCli0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\PLD_FrameworkRunOnce deleted successfully.
C:\Windows\SysNative\OEM\_waitAndLaunch_PLD_Framework_NoWait.vbs moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll deleted successfully.
C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
C:\xmldm folder moved successfully.
ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully.
ADS C:\ProgramData\TEMP:E3C56885 deleted successfully.
ADS C:\ProgramData\TEMP:E1F04E8D deleted successfully.
ADS C:\ProgramData\TEMP:5D7E5A8F deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:444C53BA deleted successfully.
ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.
ADS C:\ProgramData\TEMP:0B9176C0 deleted successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:93DE1838 deleted successfully.
========== FILES ==========
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\x64 folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\components folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar\chrome folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\ToolBar folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr folder moved successfully.
C:\PROGRA~2\BearShare Applications\MediaBar folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\Images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\videosview\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\videosview folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\colorsbubble\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\colorsbubble folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\cdripview folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\artistsview\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\artistsview folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\albumsview\images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html\albumsview folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins\html folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\Skins folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\HTML\Images folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare\HTML folder moved successfully.
C:\PROGRA~2\BearShare Applications\BearShare folder moved successfully.
C:\PROGRA~2\BearShare Applications folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files (x86)\BabylonToolbar folder moved successfully.
C:\Users\K&S\AppData\Roaming\.# folder moved successfully.
C:\Users\Sebastian\AppData\Roaming\.# folder moved successfully.
C:\Users\Sebastian\AppData\Roaming\kock folder moved successfully.
C:\Users\Kristina\AppData\Roaming\.# folder moved successfully.
C:\ProgramData\ssrahfwjarrbynh moved successfully.
C:\ProgramData\dolzowms.exe moved successfully.
C:\Users\Sebastian\AppData\Roaming\UAs folder moved successfully.
C:\Users\Sebastian\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: K&S
->Temp folder emptied: 544605 bytes
->Temporary Internet Files folder emptied: 51908802 bytes
->Java cache emptied: 3536423 bytes
->FireFox cache emptied: 44933947 bytes
->Flash cache emptied: 6684 bytes
 
User: Kristina
->Temp folder emptied: 24241205 bytes
->Temporary Internet Files folder emptied: 129087903 bytes
->Java cache emptied: 7140 bytes
->FireFox cache emptied: 3621680 bytes
->Flash cache emptied: 187623 bytes
 
User: Michael
 
User: Public
 
User: Rezepte
 
User: Sebastian
->Temp folder emptied: 114061758 bytes
->Temporary Internet Files folder emptied: 280590135 bytes
->Java cache emptied: 157604 bytes
->FireFox cache emptied: 76041010 bytes
->Google Chrome cache emptied: 159991035 bytes
->Flash cache emptied: 390038 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1592 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84895 bytes
RecycleBin emptied: 286104 bytes
 
Total Files Cleaned = 848,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: K&S
->Flash cache emptied: 0 bytes
 
User: Kristina
->Flash cache emptied: 0 bytes
 
User: Michael
 
User: Public
 
User: Rezepte
 
User: Sebastian
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_214022

Files\Folders moved on Reboot...
C:\Users\K&S\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\K&S\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


Regards
Michael

cosinus 03.07.2012 13:09

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

itsme42 03.07.2012 20:12

Hello Arne,
I installed TDSS-Killer and ran it.
Unfortunately I could not deactivate the virus scanner (AVG). The error message "Beim Speichern der Konfiguration ist ein Fehler aufgetreten. die angegebene Datei wurde nicht gefunden" [An error occurred while saving the configuration. The specified file was not found] came up every time.

The scan worked anyway, though.
Here is the content of the log file:

Code:

21:03:53.0409 4732        TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
21:03:55.0412 4732        ============================================================
21:03:55.0412 4732        Current date / time: 2012/07/03 21:03:55.0412
21:03:55.0412 4732        SystemInfo:
21:03:55.0412 4732       
21:03:55.0412 4732        OS Version: 6.1.7601 ServicePack: 1.0
21:03:55.0412 4732        Product type: Workstation
21:03:55.0413 4732        ComputerName: LAPTOP
21:03:55.0413 4732        UserName: K&S
21:03:55.0413 4732        Windows directory: C:\Windows
21:03:55.0413 4732        System windows directory: C:\Windows
21:03:55.0413 4732        Running under WOW64
21:03:55.0413 4732        Processor architecture: Intel x64
21:03:55.0413 4732        Number of processors: 2
21:03:55.0413 4732        Page size: 0x1000
21:03:55.0413 4732        Boot type: Normal boot
21:03:55.0413 4732        ============================================================
21:03:56.0556 4732        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:03:56.0563 4732        ============================================================
21:03:56.0563 4732        \Device\Harddisk0\DR0:
21:03:56.0563 4732        MBR partitions:
21:03:56.0563 4732        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
21:03:56.0563 4732        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x1B990244
21:03:56.0563 4732        ============================================================
21:03:56.0589 4732        C: <-> \Device\Harddisk0\DR0\Partition1
21:03:56.0589 4732        ============================================================
21:03:56.0589 4732        Initialize success
21:03:56.0589 4732        ============================================================
21:04:22.0068 3760        ============================================================
21:04:22.0068 3760        Scan started
21:04:22.0068 3760        Mode: Manual; SigCheck; TDLFS;
21:04:22.0068 3760        ============================================================
21:04:23.0209 3760        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:04:23.0349 3760        1394ohci - ok
21:04:23.0385 3760        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:04:23.0402 3760        ACPI - ok
21:04:23.0442 3760        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:04:23.0493 3760        AcpiPmi - ok
21:04:23.0576 3760        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:04:23.0610 3760        adp94xx - ok
21:04:23.0653 3760        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:04:23.0672 3760        adpahci - ok
21:04:23.0690 3760        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:04:23.0706 3760        adpu320 - ok
21:04:23.0728 3760        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:04:23.0783 3760        AeLookupSvc - ok
21:04:23.0862 3760        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:04:23.0905 3760        AFD - ok
21:04:23.0956 3760        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:04:23.0969 3760        agp440 - ok
21:04:23.0997 3760        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:04:24.0034 3760        ALG - ok
21:04:24.0073 3760        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:04:24.0086 3760        aliide - ok
21:04:24.0104 3760        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:04:24.0116 3760        amdide - ok
21:04:24.0154 3760        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:04:24.0193 3760        AmdK8 - ok
21:04:24.0213 3760        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:04:24.0245 3760        AmdPPM - ok
21:04:24.0303 3760        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:04:24.0327 3760        amdsata - ok
21:04:24.0352 3760        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:04:24.0368 3760        amdsbs - ok
21:04:24.0393 3760        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:04:24.0404 3760        amdxata - ok
21:04:24.0470 3760        ApfiltrService  (c79c86a0395689045710e24d64e5e086) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:04:24.0512 3760        ApfiltrService - ok
21:04:24.0575 3760        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:04:24.0648 3760        AppID - ok
21:04:24.0691 3760        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:04:24.0767 3760        AppIDSvc - ok
21:04:24.0808 3760        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:04:24.0880 3760        Appinfo - ok
21:04:24.0999 3760        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:04:25.0016 3760        Apple Mobile Device - ok
21:04:25.0061 3760        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:04:25.0076 3760        arc - ok
21:04:25.0090 3760        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:04:25.0104 3760        arcsas - ok
21:04:25.0129 3760        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:04:25.0187 3760        AsyncMac - ok
21:04:25.0240 3760        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:04:25.0251 3760        atapi - ok
21:04:25.0378 3760        athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
21:04:25.0443 3760        athr - ok
21:04:25.0586 3760        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:04:25.0659 3760        AudioEndpointBuilder - ok
21:04:25.0667 3760        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:04:25.0717 3760        AudioSrv - ok
21:04:26.0112 3760        AVGIDSAgent    (55893fff154ffd7c29919d2b9218210c) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
21:04:26.0202 3760        AVGIDSAgent - ok
21:04:26.0332 3760        AVGIDSDriver    (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
21:04:26.0352 3760        AVGIDSDriver - ok
21:04:26.0431 3760        AVGIDSFilter    (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
21:04:26.0444 3760        AVGIDSFilter - ok
21:04:26.0492 3760        AVGIDSHA        (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
21:04:26.0507 3760        AVGIDSHA - ok
21:04:26.0611 3760        Avgldx64        (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
21:04:26.0632 3760        Avgldx64 - ok
21:04:26.0667 3760        Avgmfx64        (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
21:04:26.0675 3760        Avgmfx64 - ok
21:04:26.0710 3760        Avgrkx64        (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
21:04:26.0719 3760        Avgrkx64 - ok
21:04:26.0757 3760        Avgtdia        (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
21:04:26.0773 3760        Avgtdia - ok
21:04:26.0870 3760        avgwd          (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
21:04:26.0889 3760        avgwd - ok
21:04:26.0950 3760        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:04:27.0006 3760        AxInstSV - ok
21:04:27.0078 3760        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:04:27.0130 3760        b06bdrv - ok
21:04:27.0189 3760        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:04:27.0236 3760        b57nd60a - ok
21:04:27.0404 3760        BCM43XX        (b44879610f2dc4a046b14befa3ae72de) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:04:27.0472 3760        BCM43XX - ok
21:04:27.0585 3760        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:04:27.0611 3760        BDESVC - ok
21:04:27.0661 3760        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:04:27.0738 3760        Beep - ok
21:04:27.0837 3760        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:04:27.0908 3760        BFE - ok
21:04:27.0974 3760        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:04:28.0046 3760        BITS - ok
21:04:28.0361 3760        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:04:28.0405 3760        blbdrive - ok
21:04:28.0544 3760        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:04:28.0565 3760        Bonjour Service - ok
21:04:28.0619 3760        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:04:28.0650 3760        bowser - ok
21:04:28.0685 3760        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:04:28.0731 3760        BrFiltLo - ok
21:04:28.0754 3760        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:04:28.0790 3760        BrFiltUp - ok
21:04:28.0851 3760        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:04:28.0925 3760        Browser - ok
21:04:28.0962 3760        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:04:29.0006 3760        Brserid - ok
21:04:29.0030 3760        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:04:29.0067 3760        BrSerWdm - ok
21:04:29.0099 3760        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:04:29.0132 3760        BrUsbMdm - ok
21:04:29.0156 3760        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:04:29.0203 3760        BrUsbSer - ok
21:04:29.0237 3760        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:04:29.0270 3760        BTHMODEM - ok
21:04:29.0321 3760        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:04:29.0407 3760        bthserv - ok
21:04:29.0460 3760        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:04:29.0534 3760        cdfs - ok
21:04:29.0601 3760        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:04:29.0647 3760        cdrom - ok
21:04:29.0699 3760        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:04:29.0750 3760        CertPropSvc - ok
21:04:29.0792 3760        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:04:29.0839 3760        circlass - ok
21:04:29.0877 3760        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:04:29.0894 3760        CLFS - ok
21:04:29.0964 3760        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:04:29.0977 3760        clr_optimization_v2.0.50727_32 - ok
21:04:30.0033 3760        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:04:30.0052 3760        clr_optimization_v2.0.50727_64 - ok
21:04:30.0075 3760        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:04:30.0109 3760        CmBatt - ok
21:04:30.0145 3760        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:04:30.0158 3760        cmdide - ok
21:04:30.0228 3760        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:04:30.0256 3760        CNG - ok
21:04:30.0298 3760        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:04:30.0317 3760        Compbatt - ok
21:04:30.0377 3760        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:04:30.0424 3760        CompositeBus - ok
21:04:30.0446 3760        COMSysApp - ok
21:04:30.0467 3760        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:04:30.0487 3760        crcdisk - ok
21:04:30.0544 3760        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:04:30.0613 3760        CryptSvc - ok
21:04:30.0679 3760        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:04:30.0744 3760        DcomLaunch - ok
21:04:30.0798 3760        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:04:30.0874 3760        defragsvc - ok
21:04:30.0934 3760        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:04:31.0009 3760        DfsC - ok
21:04:31.0080 3760        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:04:31.0158 3760        Dhcp - ok
21:04:31.0194 3760        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:04:31.0233 3760        discache - ok
21:04:31.0283 3760        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:04:31.0295 3760        Disk - ok
21:04:31.0419 3760        DKbFltr        (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
21:04:31.0433 3760        DKbFltr - ok
21:04:31.0476 3760        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:04:31.0524 3760        Dnscache - ok
21:04:31.0590 3760        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:04:31.0642 3760        dot3svc - ok
21:04:31.0660 3760        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:04:31.0727 3760        DPS - ok
21:04:31.0789 3760        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:04:31.0813 3760        drmkaud - ok
21:04:31.0915 3760        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:04:31.0954 3760        DXGKrnl - ok
21:04:31.0993 3760        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:04:32.0046 3760        EapHost - ok
21:04:32.0191 3760        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:04:32.0269 3760        ebdrv - ok
21:04:32.0377 3760        EFS            (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
21:04:32.0403 3760        EFS - ok
21:04:32.0511 3760        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:04:32.0560 3760        ehRecvr - ok
21:04:32.0593 3760        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:04:32.0630 3760        ehSched - ok
21:04:32.0713 3760        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:04:32.0742 3760        elxstor - ok
21:04:32.0840 3760        ePowerSvc      (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
21:04:32.0867 3760        ePowerSvc - ok
21:04:32.0979 3760        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:04:33.0023 3760        ErrDev - ok
21:04:33.0088 3760        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:04:33.0169 3760        EventSystem - ok
21:04:33.0211 3760        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:04:33.0303 3760        exfat - ok
21:04:33.0470 3760        Fabs - ok
21:04:33.0491 3760        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:04:33.0559 3760        fastfat - ok
21:04:33.0646 3760        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:04:33.0711 3760        Fax - ok
21:04:33.0746 3760        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:04:33.0770 3760        fdc - ok
21:04:33.0801 3760        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:04:33.0857 3760        fdPHost - ok
21:04:33.0882 3760        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:04:33.0946 3760        FDResPub - ok
21:04:33.0990 3760        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:04:34.0010 3760        FileInfo - ok
21:04:34.0041 3760        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:04:34.0104 3760        Filetrace - ok
21:04:34.0288 3760        FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
21:04:34.0357 3760        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
21:04:34.0357 3760        FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
21:04:34.0462 3760        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:04:34.0487 3760        flpydisk - ok
21:04:34.0556 3760        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:04:34.0581 3760        FltMgr - ok
21:04:34.0667 3760        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:04:34.0713 3760        FontCache - ok
21:04:34.0804 3760        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:04:34.0823 3760        FontCache3.0.0.0 - ok
21:04:34.0880 3760        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:04:34.0901 3760        FsDepends - ok
21:04:34.0960 3760        fssfltr        (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:04:34.0977 3760        fssfltr - ok
21:04:35.0109 3760        fsssvc          (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:04:35.0153 3760        fsssvc - ok
21:04:35.0264 3760        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:04:35.0283 3760        Fs_Rec - ok
21:04:35.0347 3760        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:04:35.0373 3760        fvevol - ok
21:04:35.0404 3760        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:04:35.0418 3760        gagp30kx - ok
21:04:35.0451 3760        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:04:35.0460 3760        GEARAspiWDM - ok
21:04:35.0544 3760        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:04:35.0642 3760        gpsvc - ok
21:04:35.0780 3760        Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
21:04:35.0809 3760        Greg_Service - ok
21:04:35.0888 3760        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:04:35.0906 3760        gupdate - ok
21:04:35.0956 3760        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:04:35.0972 3760        gupdatem - ok
21:04:36.0017 3760        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:04:36.0031 3760        gusvc - ok
21:04:36.0131 3760        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:04:36.0175 3760        hcw85cir - ok
21:04:36.0249 3760        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:04:36.0285 3760        HdAudAddService - ok
21:04:36.0324 3760        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:04:36.0358 3760        HDAudBus - ok
21:04:36.0381 3760        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:04:36.0397 3760        HidBatt - ok
21:04:36.0423 3760        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:04:36.0462 3760        HidBth - ok
21:04:36.0500 3760        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:04:36.0539 3760        HidIr - ok
21:04:36.0577 3760        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:04:36.0641 3760        hidserv - ok
21:04:36.0694 3760        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:04:36.0718 3760        HidUsb - ok
21:04:36.0756 3760        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:04:36.0821 3760        hkmsvc - ok
21:04:36.0870 3760        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:04:36.0908 3760        HomeGroupListener - ok
21:04:36.0962 3760        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:04:37.0013 3760        HomeGroupProvider - ok
21:04:37.0075 3760        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:04:37.0097 3760        HpSAMD - ok
21:04:37.0180 3760        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:04:37.0257 3760        HTTP - ok
21:04:37.0293 3760        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:04:37.0304 3760        hwpolicy - ok
21:04:37.0358 3760        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:04:37.0382 3760        i8042prt - ok
21:04:37.0460 3760        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:04:37.0480 3760        iaStorV - ok
21:04:37.0583 3760        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:04:37.0622 3760        idsvc - ok
21:04:37.0946 3760        igfx            (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:04:38.0174 3760        igfx - ok
21:04:38.0301 3760        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:04:38.0322 3760        iirsp - ok
21:04:38.0398 3760        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:04:38.0473 3760        IKEEXT - ok
21:04:38.0574 3760        IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
21:04:38.0625 3760        IntcAzAudAddService - ok
21:04:38.0741 3760        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:04:38.0762 3760        intelide - ok
21:04:38.0800 3760        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:04:38.0842 3760        intelppm - ok
21:04:38.0885 3760        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:04:38.0957 3760        IPBusEnum - ok
21:04:38.0992 3760        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:04:39.0053 3760        IpFilterDriver - ok
21:04:39.0125 3760        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:04:39.0196 3760        iphlpsvc - ok
21:04:39.0243 3760        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:04:39.0269 3760        IPMIDRV - ok
21:04:39.0304 3760        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:04:39.0368 3760        IPNAT - ok
21:04:39.0487 3760        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:04:39.0518 3760        iPod Service - ok
21:04:39.0545 3760        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:04:39.0580 3760        IRENUM - ok
21:04:39.0619 3760        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:04:39.0632 3760        isapnp - ok
21:04:39.0660 3760        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:04:39.0677 3760        iScsiPrt - ok
21:04:39.0712 3760        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:04:39.0725 3760        kbdclass - ok
21:04:39.0758 3760        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:04:39.0795 3760        kbdhid - ok
21:04:39.0833 3760        KeyIso          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:04:39.0849 3760        KeyIso - ok
21:04:39.0926 3760        KMWDFILTER      (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
21:04:39.0946 3760        KMWDFILTER - ok
21:04:39.0981 3760        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:04:39.0994 3760        KSecDD - ok
21:04:40.0032 3760        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:04:40.0046 3760        KSecPkg - ok
21:04:40.0092 3760        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:04:40.0175 3760        ksthunk - ok
21:04:40.0219 3760        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:04:40.0310 3760        KtmRm - ok
21:04:40.0365 3760        L1C            (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
21:04:40.0384 3760        L1C - ok
21:04:40.0426 3760        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:04:40.0501 3760        LanmanServer - ok
21:04:40.0540 3760        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:04:40.0594 3760        LanmanWorkstation - ok
21:04:40.0758 3760        Lavasoft Ad-Aware Service (c48b0f913c944d736a455191ecd8ff45) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
21:04:40.0787 3760        Lavasoft Ad-Aware Service - ok
21:04:40.0861 3760        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:04:40.0931 3760        lltdio - ok
21:04:40.0973 3760        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:04:41.0017 3760        lltdsvc - ok
21:04:41.0039 3760        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:04:41.0081 3760        lmhosts - ok
21:04:41.0108 3760        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:04:41.0123 3760        LSI_FC - ok
21:04:41.0136 3760        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:04:41.0150 3760        LSI_SAS - ok
21:04:41.0178 3760        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:04:41.0192 3760        LSI_SAS2 - ok
21:04:41.0211 3760        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:04:41.0225 3760        LSI_SCSI - ok
21:04:41.0247 3760        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:04:41.0304 3760        luafv - ok
21:04:41.0348 3760        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:04:41.0394 3760        Mcx2Svc - ok
21:04:41.0421 3760        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:04:41.0434 3760        megasas - ok
21:04:41.0459 3760        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:04:41.0476 3760        MegaSR - ok
21:04:41.0518 3760        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:04:41.0601 3760        MMCSS - ok
21:04:41.0636 3760        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:04:41.0689 3760        Modem - ok
21:04:41.0714 3760        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:04:41.0751 3760        monitor - ok
21:04:41.0797 3760        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:04:41.0818 3760        mouclass - ok
21:04:41.0844 3760        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:04:41.0880 3760        mouhid - ok
21:04:41.0923 3760        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:04:41.0936 3760        mountmgr - ok
21:04:41.0986 3760        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:04:42.0001 3760        mpio - ok
21:04:42.0030 3760        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:04:42.0072 3760        mpsdrv - ok
21:04:42.0135 3760        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:04:42.0184 3760        MpsSvc - ok
21:04:42.0226 3760        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:04:42.0266 3760        MRxDAV - ok
21:04:42.0301 3760        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:04:42.0341 3760        mrxsmb - ok
21:04:42.0381 3760        mrxsmb10        (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:04:42.0426 3760        mrxsmb10 - ok
21:04:42.0452 3760        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:04:42.0468 3760        mrxsmb20 - ok
21:04:42.0516 3760        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:04:42.0535 3760        msahci - ok
21:04:42.0575 3760        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:04:42.0590 3760        msdsm - ok
21:04:42.0631 3760        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:04:42.0677 3760        MSDTC - ok
21:04:42.0717 3760        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:04:42.0758 3760        Msfs - ok
21:04:42.0784 3760        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:04:42.0855 3760        mshidkmdf - ok
21:04:42.0885 3760        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:04:42.0897 3760        msisadrv - ok
21:04:42.0937 3760        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:04:42.0982 3760        MSiSCSI - ok
21:04:42.0987 3760        msiserver - ok
21:04:43.0021 3760        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:04:43.0076 3760        MSKSSRV - ok
21:04:43.0103 3760        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:04:43.0164 3760        MSPCLOCK - ok
21:04:43.0168 3760        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:04:43.0217 3760        MSPQM - ok
21:04:43.0274 3760        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:04:43.0296 3760        MsRPC - ok
21:04:43.0331 3760        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:04:43.0343 3760        mssmbios - ok
21:04:43.0367 3760        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:04:43.0409 3760        MSTEE - ok
21:04:43.0424 3760        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:04:43.0440 3760        MTConfig - ok
21:04:43.0467 3760        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:04:43.0480 3760        Mup - ok
21:04:43.0532 3760        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:04:43.0598 3760        napagent - ok
21:04:43.0655 3760        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:04:43.0699 3760        NativeWifiP - ok
21:04:43.0784 3760        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:04:43.0815 3760        NDIS - ok
21:04:43.0860 3760        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:04:43.0902 3760        NdisCap - ok
21:04:43.0922 3760        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:04:43.0984 3760        NdisTapi - ok
21:04:44.0034 3760        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:04:44.0089 3760        Ndisuio - ok
21:04:44.0135 3760        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:04:44.0206 3760        NdisWan - ok
21:04:44.0240 3760        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:04:44.0295 3760        NDProxy - ok
21:04:44.0348 3760        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:04:44.0419 3760        NetBIOS - ok
21:04:44.0471 3760        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:04:44.0545 3760        NetBT - ok
21:04:44.0589 3760        Netlogon        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:04:44.0614 3760        Netlogon - ok
21:04:44.0653 3760        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:04:44.0724 3760        Netman - ok
21:04:44.0764 3760        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:04:44.0828 3760        netprofm - ok
21:04:44.0896 3760        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:04:44.0916 3760        NetTcpPortSharing - ok
21:04:44.0961 3760        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:04:44.0984 3760        nfrd960 - ok
21:04:45.0046 3760        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:04:45.0093 3760        NlaSvc - ok
21:04:45.0109 3760        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:04:45.0150 3760        Npfs - ok
21:04:45.0307 3760        NPF_devolo      (49697c2c761acb5c0de99cc8fe93e95b) C:\Windows\sysWOW64\drivers\npf_devolo.sys
21:04:45.0324 3760        NPF_devolo - ok
21:04:45.0355 3760        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:04:45.0418 3760        nsi - ok
21:04:45.0446 3760        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:04:45.0508 3760        nsiproxy - ok
21:04:45.0611 3760        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:04:45.0649 3760        Ntfs - ok
21:04:45.0723 3760        NTIBackupSvc    (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:04:45.0740 3760        NTIBackupSvc - ok
21:04:45.0840 3760        NTIDrvr        (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
21:04:45.0854 3760        NTIDrvr - ok
21:04:45.0896 3760        NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
21:04:45.0913 3760        NTISchedulerSvc - ok
21:04:45.0948 3760        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:04:46.0010 3760        Null - ok
21:04:46.0074 3760        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:04:46.0098 3760        nvraid - ok
21:04:46.0114 3760        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:04:46.0129 3760        nvstor - ok
21:04:46.0182 3760        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:04:46.0203 3760        nv_agp - ok
21:04:46.0294 3760        odserv          (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:04:46.0321 3760        odserv - ok
21:04:46.0343 3760        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:04:46.0360 3760        ohci1394 - ok
21:04:46.0404 3760        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:04:46.0417 3760        ose - ok
21:04:46.0452 3760        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:04:46.0495 3760        p2pimsvc - ok
21:04:46.0558 3760        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:04:46.0590 3760        p2psvc - ok
21:04:46.0614 3760        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:04:46.0631 3760        Parport - ok
21:04:46.0673 3760        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:04:46.0685 3760        partmgr - ok
21:04:46.0700 3760        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:04:46.0746 3760        PcaSvc - ok
21:04:46.0793 3760        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:04:46.0807 3760        pci - ok
21:04:46.0823 3760        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:04:46.0836 3760        pciide - ok
21:04:46.0863 3760        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:04:46.0879 3760        pcmcia - ok
21:04:46.0897 3760        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:04:46.0910 3760        pcw - ok
21:04:46.0946 3760        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:04:47.0010 3760        PEAUTH - ok
21:04:47.0081 3760        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:04:47.0117 3760        PerfHost - ok
21:04:47.0305 3760        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:04:47.0388 3760        pla - ok
21:04:47.0448 3760        PLCMPR5 - ok
21:04:47.0499 3760        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:04:47.0527 3760        PlugPlay - ok
21:04:47.0555 3760        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:04:47.0592 3760        PNRPAutoReg - ok
21:04:47.0629 3760        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:04:47.0649 3760        PNRPsvc - ok
21:04:47.0707 3760        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:04:47.0782 3760        PolicyAgent - ok
21:04:47.0826 3760        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:04:47.0903 3760        Power - ok
21:04:47.0979 3760        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:04:48.0027 3760        PptpMiniport - ok
21:04:48.0061 3760        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:04:48.0093 3760        Processor - ok
21:04:48.0164 3760        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:04:48.0245 3760        ProfSvc - ok
21:04:48.0289 3760        ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:04:48.0306 3760        ProtectedStorage - ok
21:04:48.0353 3760        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:04:48.0412 3760        Psched - ok
21:04:48.0519 3760        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:04:48.0567 3760        ql2300 - ok
21:04:48.0674 3760        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:04:48.0698 3760        ql40xx - ok
21:04:48.0733 3760        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:04:48.0786 3760        QWAVE - ok
21:04:48.0809 3760        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:04:48.0850 3760        QWAVEdrv - ok
21:04:48.0871 3760        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:04:48.0929 3760        RasAcd - ok
21:04:48.0964 3760        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:04:49.0006 3760        RasAgileVpn - ok
21:04:49.0034 3760        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:04:49.0078 3760        RasAuto - ok
21:04:49.0126 3760        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:04:49.0189 3760        Rasl2tp - ok
21:04:49.0234 3760        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:04:49.0279 3760        RasMan - ok
21:04:49.0318 3760        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:04:49.0394 3760        RasPppoe - ok
21:04:49.0420 3760        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:04:49.0487 3760        RasSstp - ok
21:04:49.0531 3760        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:04:49.0599 3760        rdbss - ok
21:04:49.0622 3760        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:04:49.0661 3760        rdpbus - ok
21:04:49.0707 3760        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:04:49.0773 3760        RDPCDD - ok
21:04:49.0801 3760        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:04:49.0842 3760        RDPENCDD - ok
21:04:49.0858 3760        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:04:49.0899 3760        RDPREFMP - ok
21:04:49.0944 3760        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:04:49.0987 3760        RDPWD - ok
21:04:50.0052 3760        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:04:50.0073 3760        rdyboost - ok
21:04:50.0100 3760        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:04:50.0163 3760        RemoteAccess - ok
21:04:50.0204 3760        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:04:50.0249 3760        RemoteRegistry - ok
21:04:50.0271 3760        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:04:50.0315 3760        RpcEptMapper - ok
21:04:50.0328 3760        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:04:50.0345 3760        RpcLocator - ok
21:04:50.0402 3760        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:04:50.0455 3760        RpcSs - ok
21:04:50.0492 3760        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:04:50.0534 3760        rspndr - ok
21:04:50.0600 3760        RSUSBSTOR      (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
21:04:50.0646 3760        RSUSBSTOR - ok
21:04:50.0690 3760        SamSs          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:04:50.0717 3760        SamSs - ok
21:04:50.0757 3760        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:04:50.0772 3760        sbp2port - ok
21:04:50.0802 3760        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:04:50.0861 3760        SCardSvr - ok
21:04:50.0898 3760        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:04:50.0957 3760        scfilter - ok
21:04:51.0033 3760        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:04:51.0102 3760        Schedule - ok
21:04:51.0145 3760        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:04:51.0196 3760        SCPolicySvc - ok
21:04:51.0217 3760        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:04:51.0257 3760        SDRSVC - ok
21:04:51.0386 3760        SeaPort        (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:04:51.0412 3760        SeaPort - ok
21:04:51.0467 3760        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:04:51.0531 3760        secdrv - ok
21:04:51.0572 3760        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:04:51.0613 3760        seclogon - ok
21:04:51.0643 3760        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:04:51.0705 3760        SENS - ok
21:04:51.0737 3760        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:04:51.0768 3760        SensrSvc - ok
21:04:51.0799 3760        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:04:51.0815 3760        Serenum - ok
21:04:51.0845 3760        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:04:51.0881 3760        Serial - ok
21:04:51.0933 3760        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:04:51.0978 3760        sermouse - ok
21:04:52.0026 3760        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:04:52.0085 3760        SessionEnv - ok
21:04:52.0106 3760        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:04:52.0143 3760        sffdisk - ok
21:04:52.0172 3760        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:04:52.0223 3760        sffp_mmc - ok
21:04:52.0242 3760        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:04:52.0286 3760        sffp_sd - ok
21:04:52.0324 3760        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:04:52.0362 3760        sfloppy - ok
21:04:52.0423 3760        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:04:52.0475 3760        SharedAccess - ok
21:04:52.0528 3760        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:04:52.0583 3760        ShellHWDetection - ok
21:04:52.0614 3760        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:04:52.0627 3760        SiSRaid2 - ok
21:04:52.0638 3760        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:04:52.0653 3760        SiSRaid4 - ok
21:04:52.0678 3760        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:04:52.0745 3760        Smb - ok
21:04:52.0789 3760        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:04:52.0829 3760        SNMPTRAP - ok
21:04:52.0851 3760        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:04:52.0863 3760        spldr - ok
21:04:52.0925 3760        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:04:52.0980 3760        Spooler - ok
21:04:53.0164 3760        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:04:53.0262 3760        sppsvc - ok
21:04:53.0363 3760        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:04:53.0444 3760        sppuinotify - ok
21:04:53.0512 3760        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:04:53.0567 3760        srv - ok
21:04:53.0606 3760        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:04:53.0647 3760        srv2 - ok
21:04:53.0681 3760        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:04:53.0719 3760        srvnet - ok
21:04:53.0772 3760        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:04:53.0832 3760        SSDPSRV - ok
21:04:53.0863 3760        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:04:53.0906 3760        SstpSvc - ok
21:04:53.0930 3760        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:04:53.0944 3760        stexstor - ok
21:04:54.0009 3760        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:04:54.0061 3760        stisvc - ok
21:04:54.0098 3760        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:04:54.0110 3760        swenum - ok
21:04:54.0161 3760        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:04:54.0236 3760        swprv - ok
21:04:54.0344 3760        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:04:54.0406 3760        SysMain - ok
21:04:54.0519 3760        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:04:54.0549 3760        TabletInputService - ok
21:04:54.0577 3760        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:04:54.0642 3760        TapiSrv - ok
21:04:54.0683 3760        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:04:54.0763 3760        TBS - ok
21:04:54.0922 3760        Tcpip          (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
21:04:54.0965 3760        Tcpip - ok
21:04:55.0166 3760        TCPIP6          (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
21:04:55.0219 3760        TCPIP6 - ok
21:04:55.0353 3760        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:04:55.0401 3760        tcpipreg - ok
21:04:55.0437 3760        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:04:55.0499 3760        TDPIPE - ok
21:04:55.0528 3760        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:04:55.0570 3760        TDTCP - ok
21:05:03.0275 3760        ============================================================
21:05:03.0275 3760        Scan finished
21:05:03.0275 3760        ============================================================
21:05:03.0296 5028        Detected object count: 1
21:05:03.0296 5028        Actual detected object count: 1
21:05:18.0841 5028        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:18.0841 5028        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:25.0701 4700        Deinitialize success


Regards,
Michael

cosinus 04.07.2012 16:25

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

itsme42 05.07.2012 07:25

Hello Arne,
I installed and started ComboFix.
Here is the content of the log file:

[CODE]
Combofix Logfile:
Code:

ComboFix 12-07-05.01 - K&S 05.07.2012  7:43.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4026.2679 [GMT 2:00]
ausgeführt von:: c:\users\K&S\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\emachines.ico
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\2012 Remix.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Alex Clare - Too Close HDHQ Deutsche Übersetzung.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Aura Dione - Friends.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Avicii - Levels (Official Music Video) HQ.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Bück Dich Hoch.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Back in Time-Pitbull (Official Video).mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Caligola Forgive Forget Lyrics.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Carly Rae Jepsen - Call me Maybe Lyrics.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Count on me - Bruno Mars.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Cro - Easy.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Culcha Candela - Von Allein [Official Lyrics].mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Culcha Candela - Wildes Ding (Official Video).mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Deichkind - Leider Geil (Official Video).mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Die Toten Hosen - „Tage wie diese&quot; [HQ Video].mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\DJane HouseKat feat. Rameez - My Party (Official Video).mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\FLORIDA RIGHT ROUND.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Jennifer Lopez feat. Pitbull - Dance Again [Official Lyrics Video  HQHD].mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Ma Chérie-Dj Antoine.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Martin Solveig &amp; Dragonette - Hello (Sidney Samson Remix).mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Mike Candys &amp; Evelyn Feat. Patrick Miller - One Night In Ibiza.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Mike Candys feat. Evelyn &amp; Patrick Miller - 2012 (If The World Would End).mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Nicki Minaj - Starships [Official Lyrics Video  HDHQ].mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Olly Murs Feat. Rizzle Kicks - Heart Skips A Beat (Original Version) [HQ].mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Pitbull Feat. Chris Brown - International Love.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Sean Paul - &quot;She Doesnt Mind&quot; [AUDIO].mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Skrillex - WEEKENDS!!! (feat. Sirah).mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Snoop Dogg &amp; Wiz Khalifa Feat. Bruno Mars - Young Wild &amp; Free (Final) ( 2011)OFFICIAL VIDEO.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Somebody That I Used To Know by GotyeHQ.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Taio Cruz feat. Pitbull - There she goes Lyrics.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Taio Cruz Troublemaker.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Techno remix 2012.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Train - Drive By.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Unheilig So wie du warst.mp3
c:\users\Michael\20120524_Musik MP3-PLayer Sebastian\coole musik\Wild Ones - FloRida.mp3
c:\users\Sebastian\AppData\Roaming\AcroIEHelpe.txt
c:\users\Sebastian\AppData\Roaming\srvblck5.tmp
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-05 bis 2012-07-05  ))))))))))))))))))))))))))))))
.
.
2012-07-05 05:50 . 2012-07-05 05:50        --------        d-----w-        c:\users\Sebastian\AppData\Local\temp
2012-07-05 05:50 . 2012-07-05 05:50        --------        d-----w-        c:\users\Kristina\AppData\Local\temp
2012-07-05 05:50 . 2012-07-05 05:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-02 20:07 . 2012-07-02 20:07        --------        d-----w-        c:\users\Sebastian\AppData\Local\VirtualStore
2012-07-02 19:40 . 2012-07-02 19:40        --------        d-----w-        C:\_OTL
2012-06-28 16:53 . 2012-06-28 16:53        --------        d-----w-        c:\program files (x86)\ESET
2012-06-28 16:17 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-28 16:17 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-28 16:17 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-28 16:17 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-28 16:17 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-28 16:17 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-28 16:17 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-28 16:16 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-28 16:16 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-21 17:52 . 2012-06-21 17:52        --------        d-----w-        c:\users\K&S\AppData\Roaming\Malwarebytes
2012-06-21 17:52 . 2012-06-24 12:23        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-21 17:52 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-21 17:52 . 2012-06-21 17:52        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-21 13:02 . 2012-06-21 13:02        --------        d-----w-        c:\programdata\mcrpgfzsodfwmdp
2012-06-19 19:23 . 2012-06-19 19:23        --------        d-----w-        c:\users\Sebastian\AppData\Roaming\01048
2012-06-19 11:41 . 2012-06-19 11:41        --------        d-----w-        c:\users\Sebastian\AppData\Roaming\01047
2012-06-18 16:44 . 2012-06-18 16:44        --------        d-----w-        c:\users\Sebastian\AppData\Roaming\01046
2012-06-15 17:45 . 2012-06-15 17:45        --------        d-----w-        c:\users\Sebastian\AppData\Roaming\01044
2012-06-14 14:32 . 2012-06-14 14:32        --------        d-----w-        c:\users\Sebastian\AppData\Roaming\01043
2012-06-13 12:45 . 2012-06-13 12:45        --------        d-----w-        c:\users\Sebastian\AppData\Roaming\01042
2012-06-12 13:19 . 2012-06-12 13:19        --------        d-----w-        c:\users\Sebastian\AppData\Roaming\01041
2012-06-09 19:56 . 2012-06-09 19:56        --------        d-----w-        c:\program files\CCleaner
2012-06-09 15:48 . 2012-06-09 15:48        --------        d-----w-        c:\users\Sebastian\AppData\Roaming\01040
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 20:13 . 2012-03-31 19:19        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 20:13 . 2011-06-12 11:57        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-24 39408]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-04-19 743584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
StarOffice 8.lnk - c:\program files (x86)\Sun\StarOffice 8\program\quickstart.exe [2005-6-21 122880]
.
c:\users\K&S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
StarOffice 8.lnk - c:\program files (x86)\Sun\StarOffice 8\program\quickstart.exe [2005-6-21 122880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6\reminder\reminder.exe [2010-6-28 1032192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 135664]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;c:\windows\system32\PLCMPR5.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-04-19 1181328]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2007-02-07 34048]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 13:21]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 13:21]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4284497293-1136568860-3551687546-1002Core.job
- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 13:52]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4284497293-1136568860-3551687546-1002UA.job
- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 13:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-09-30 823840]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]
"PLD_FrameworkRun"="c:\windows\system32\oem\_NowIntoDT.vbs" [2009-10-11 490]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.253
FF - ProfilePath - c:\users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - user.js: extensions.BabylonToolbar_i.id - 604962b5000000000000964ce51719e9
FF - user.js: extensions.BabylonToolbar_i.hardId - 604962b5000000000000964ce51719e9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15462
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron3');
user_pref('extensions.dealply.installId', 'v23600251325532670690742012050217414912');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '2');
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-Emperors New Groove - c:\windows\IsUn0407.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-SABRINA - c:\windows\IsUn0407.exe
AddRemove-Wincore MediaBar - c:\program files (x86)\BearShare Applications\MediaBar\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\SecuROM\License information*]
"datasecu"=hex:f2,ca,1a,73,fe,5b,1e,78,84,1e,34,a1,2d,ce,8e,d1,e0,1b,6b,ed,75,
  1a,e5,b5,f5,86,be,34,5a,2c,a7,c7,0f,60,42,fa,65,5a,43,f6,9f,76,ec,8c,73,7a,\
"rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-05  08:00:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-05 06:00
.
Vor Suchlauf: 16 Verzeichnis(se), 159.489.683.456 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 159.784.861.696 Bytes frei
.
- - End Of File - - 7775D59835124E6D6E30CEA36356E69B

--- --- ---


Regards
Michael

cosinus 05.07.2012 10:36

ComboFix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Folder::
c:\programdata\mcrpgfzsodfwmdp
c:\users\Sebastian\AppData\Roaming\01048
c:\users\Sebastian\AppData\Roaming\01047
c:\users\Sebastian\AppData\Roaming\01046
c:\users\Sebastian\AppData\Roaming\01044
c:\users\Sebastian\AppData\Roaming\01043
c:\users\Sebastian\AppData\Roaming\01042
c:\users\Sebastian\AppData\Roaming\01041
c:\users\Sebastian\AppData\Roaming\01040

Firefox::
FF - ProfilePath - c:\users\K&S\AppData\Roaming\Mozilla\Firefox\Profiles\al0jc1yx.default\
FF - user.js: extensions.BabylonToolbar_i.id - 604962b5000000000000964ce51719e9
FF - user.js: extensions.BabylonToolbar_i.hardId - 604962b5000000000000964ce51719e9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15462
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron3');
user_pref('extensions.dealply.installId', 'v23600251325532670690742012050217414912');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '2');

3. In Notepad, save the file as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

itsme42 05.07.2012 19:54

Hello Arne,
I created the file CFScript.txt as described.
Unfortunately I cannot start ComboFix as described. I always get the error message: "Hast Du versucht , CFScript auszuführen?
Der Name, CFScript scheint nicht korrekt buchstabiert zu sein".

When you then press the OK button, the program exits.

For documentation I have attached 2 screenshots to the mail.

What is wrong there?

Regards
Michael

cosinus 05.07.2012 20:51

Hm, I have never had anything like that reported before :wtf:
Possibly this is a bug in CF; please download combofix.exe again and try once more

itsme42 05.07.2012 21:20

Hello Arne,
I downloaded ComboFix again and installed it.
The error remains unchanged, though.

Regards
Michael

cosinus 05.07.2012 21:32

Try giving the text file the file name cfscript.txt and try it again

itsme42 06.07.2012 09:06

Hello Arne,
I deleted the old file and created it anew, as you described.
The result remains the same (see screenshot).

Regards
Michael

cosinus 06.07.2012 10:50

Hmpf :balla:

Then we will try to do the fix via OTL

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied as well!!!)

Code:

:Files
c:\programdata\mcrpgfzsodfwmdp
c:\users\Sebastian\AppData\Roaming\01048
c:\users\Sebastian\AppData\Roaming\01047
c:\users\Sebastian\AppData\Roaming\01046
c:\users\Sebastian\AppData\Roaming\01044
c:\users\Sebastian\AppData\Roaming\01043
c:\users\Sebastian\AppData\Roaming\01042
c:\users\Sebastian\AppData\Roaming\01041
c:\users\Sebastian\AppData\Roaming\01040
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

itsme42 06.07.2012 17:04

Hello Arne,
I did the fix with OTL.
That worked.
Here is the content of the log file:

Code:

All processes killed
========== FILES ==========
c:\programdata\mcrpgfzsodfwmdp folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01048\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01048 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01047\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01047 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01046\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01046 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01044\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01044 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01043\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01043 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01042\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01042 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01041\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01041 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01040\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01040 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: K&S
->Temp folder emptied: 33386685 bytes
->Temporary Internet Files folder emptied: 67212338 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1729 bytes
 
User: Kristina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Rezepte
->Temp folder emptied: 0 bytes
 
User: Sebastian
->Temp folder emptied: 3216881 bytes
->Temporary Internet Files folder emptied: 48624215 bytes
->Java cache emptied: 51478 bytes
->FireFox cache emptied: 52943599 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2254 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 279431 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 196,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: K&S
->Flash cache emptied: 0 bytes
 
User: Kristina
->Flash cache emptied: 0 bytes
 
User: Michael
 
User: Public
 
User: Rezepte
 
User: Sebastian
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07062012_175254

Files\Folders moved on Reboot...
C:\Users\K&S\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\K&S\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Regards
Michael
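
A check that can be run on a fix log like the one in the post above, added here as an example and not part of the original thread or of OTL: it compares the paths listed under `:Files` in the fix with the "moved successfully" lines in the log's FILES section and reports any target without a confirmation, plus anything moved outside the requested folders. The function names are hypothetical, and the line format is assumed to be the one visible in the posted log.

```python
import re

# The :Files fix as posted in the thread.
FIX_SCRIPT = r"""
:Files
c:\programdata\mcrpgfzsodfwmdp
c:\users\Sebastian\AppData\Roaming\01048
c:\users\Sebastian\AppData\Roaming\01047
c:\users\Sebastian\AppData\Roaming\01046
c:\users\Sebastian\AppData\Roaming\01044
c:\users\Sebastian\AppData\Roaming\01043
c:\users\Sebastian\AppData\Roaming\01042
c:\users\Sebastian\AppData\Roaming\01041
c:\users\Sebastian\AppData\Roaming\01040
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
"""

# Excerpt of the fix log as posted in the thread (cache statistics left out).
FIX_LOG = r"""
All processes killed
========== FILES ==========
c:\programdata\mcrpgfzsodfwmdp folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01048\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01048 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01047\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01047 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01046\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01046 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01044\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01044 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01043\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01043 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01042\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01042 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01041\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01041 folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01040\components folder moved successfully.
c:\users\Sebastian\AppData\Roaming\01040 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
"""

# Constructed variant: the same log with the 01044 lines missing.
PARTIAL_LOG = "\n".join(l for l in FIX_LOG.splitlines() if "01044" not in l)

MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z ]+) =+$")


def norm(path):
    """Windows paths are case-insensitive; compare lower-cased, no trailing backslash."""
    return path.strip().rstrip("\\").lower()


def fix_targets(script):
    """Return the normalized paths listed under the :Files directive."""
    targets, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(norm(line))
    return targets


def moved_paths(log):
    """Return paths confirmed as moved inside the log's FILES section only."""
    moved, section = set(), None
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        hit = MOVED_RE.match(line)
        if section == "FILES" and hit:
            moved.add(norm(hit.group("path")))
    return moved


def check_fix(script, log):
    """Cross-check requested targets against what the log says was quarantined."""
    targets, moved = fix_targets(script), moved_paths(log)

    def covered(path):
        return any(path == t or path.startswith(t + "\\") for t in targets)

    return {
        "confirmed": [t for t in targets if t in moved],
        "unconfirmed": [t for t in targets if t not in moved],
        "unexpected": sorted(p for p in moved if not covered(p)),
    }


if __name__ == "__main__":
    for name, log in (("posted log", FIX_LOG), ("constructed partial log", PARTIAL_LOG)):
        print(name, check_fix(FIX_SCRIPT, log))
```

An entry under `unconfirmed` means the log does not show the folder being moved, so it should be looked at again before the machine is considered clean.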

cosinus 09.07.2012 08:00

I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into one file
3.) Upload the ZIP file you created here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please also upload the file there as specified in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!

4.) If it was successful, let me know
5.) Only then switch the virus scanner back on

itsme42 29.07.2012 20:16

Hello Arne,
please excuse me for not getting in touch for so long.
I was on holiday and could not take the computer with me.
That is why I am only getting back to you now.

As you requested, I created a ZIP archive with the files and did the upload according to the instructions.

I hope I did everything correctly.

Regards
Michael

cosinus 29.07.2012 20:38

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    From Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions may take a while, depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Start aswMBR again, select (none) for "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.

itsme42 29.07.2012 22:10

Hello Arne,
I ran GMER, OSAM and aswMBR.exe.
GMER found nothing.

Here is the log from OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:43:14 on 29.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Ad-Aware Update (Daily 1).job" - ? - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe  (File not found)
"Ad-Aware Update (Daily 2).job" - ? - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe  (File not found)
"Ad-Aware Update (Daily 3).job" - ? - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe  (File not found)
"Ad-Aware Update (Daily 4).job" - ? - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe  (File not found)
"Ad-Aware Update (Weekly).job" - ? - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe  (File not found)
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-4284497293-1136568860-3551687546-1002Core.job" - "Google Inc." - C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-4284497293-1136568860-3551687546-1002UA.job" - "Google Inc." - C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\Windows\sysWOW64\drivers\npf_devolo.sys
"NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys
"PLCMPR5 NDIS Protocol Driver" (PLCMPR5) - ? - C:\Windows\system32\PLCMPR5.SYS  (File not found)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files (x86)\WinRAR\rarext.dll
{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Avira SearchFree Toolbar plus Web Protection" - "Ask" - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
<binary data> "ChatZum Toolbar" - ? - C:\Program Files (x86)\ChatZum Toolbar\tbunsyA76A.tmp\tbcore3.dll
<binary data> "FLV Runner Toolbar" - "Conduit Ltd." - C:\Program Files (x86)\FLV_Runner\prxtbFLV_.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{3bbd3c14-4c16-4989-8366-95bc9179779d} "FLV Runner Toolbar" - "Conduit Ltd." - C:\Program Files (x86)\FLV_Runner\prxtbFLV_.dll
{CA3EB689-8F09-4026-AA10-B9534C691CE0} "ToolbarURLSearchHook Class" - ? - C:\Program Files (x86)\ChatZum Toolbar\tbunsyA76A.tmp\tbhelper.dll
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask" - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre1.6.0_22\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\SysWow64\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100" - ? - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll  (File not found)
<binary data> "Avira SearchFree Toolbar plus Web Protection" - "Ask" - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
<binary data> "ChatZum Toolbar" - ? - C:\Program Files (x86)\ChatZum Toolbar\tbunsyA76A.tmp\tbcore3.dll
{3bbd3c14-4c16-4989-8366-95bc9179779d} "FLV Runner Toolbar" - "Conduit Ltd." - C:\Program Files (x86)\FLV_Runner\prxtbFLV_.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Avira SearchFree Toolbar plus Web Protection" - "Ask" - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
{3bbd3c14-4c16-4989-8366-95bc9179779d} "FLV Runner Toolbar" - "Conduit Ltd." - C:\Program Files (x86)\FLV_Runner\prxtbFLV_.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{FCBCCB87-9224-4B8D-B117-F56D924BEB18} "XBTBPos00 Class" - ? - C:\Program Files (x86)\ChatZum Toolbar\tbunsyA76A.tmp\tbcore3.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\K&S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
"StarOffice 8.lnk" - ? - C:\Program Files (x86)\Sun\StarOffice 8\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"phase-6 Reminder.lnk" - "phase-6" - C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"FlashPlayerUpdate" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe -update activex
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ApnUpdater" - "Ask" - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonSolutionMenuEx" - "CANON INC." - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CUSTPDF Writer Monitor x86" - ? - C:\Windows\system32\custmon64i.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GRegService" (Greg_Service) - "Acer Incorporated" - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Updater Service" (Updater Service) - "Acer" - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


and the log from aswMBR.exe:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 22:46:57
-----------------------------
22:46:57.266    OS Version: Windows x64 6.1.7601 Service Pack 1
22:46:57.266    Number of processors: 2 586 0x170A
22:46:57.267    ComputerName: LAPTOP  UserName: K&S
22:46:58.426    Initialize success
22:51:19.776    AVAST engine defs: 12072901
22:51:49.655    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:51:49.659    Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC60F Size: 238475MB BusType: 11
22:51:49.680    Disk 0 MBR read successfully
22:51:49.685    Disk 0 MBR scan
22:51:49.694    Disk 0 Windows 7 default MBR code
22:51:49.699    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        12291 MB offset 63
22:51:49.736    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 25173855
22:51:49.755    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      226080 MB offset 25382700
22:51:49.816    Disk 0 scanning C:\Windows\system32\drivers
22:52:01.858    Service scanning
22:52:35.043    Modules scanning
22:52:35.058    Disk 0 trace - called modules:
22:52:35.094    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:52:35.106    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c3a060]
22:52:35.115    3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80047e7520]
22:52:35.125    5 ACPI.sys[fffff88000d547a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047dc1f0]
22:52:36.282    AVAST engine scan C:\Windows
22:52:39.460    AVAST engine scan C:\Windows\system32
22:55:41.535    AVAST engine scan C:\Windows\system32\drivers
22:55:56.515    AVAST engine scan C:\Users\K&S
22:58:23.819    AVAST engine scan C:\ProgramData
23:01:00.744    Scan finished successfully
23:01:20.069    Disk 0 MBR has been saved successfully to "C:\Users\K&S\Desktop\MBR.dat"
23:01:20.077    The log file has been saved successfully to "C:\Users\K&S\Desktop\aswMBR.txt"


Regards,
Michael

cosinus 30.07.2012 08:51

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

itsme42 31.07.2012 20:55

Hello Arne,
I have run the requested scans.

Here are the contents of the log files.

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
K&S :: LAPTOP [Administrator]

30.07.2012 19:57:24
mbam-log-2012-07-30 (19-57-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410229
Laufzeit: 1 Stunde(n), 7 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Sebastian\Downloads\winrar_setup.exe (PUP.AdBundle) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

and
SUPERAntiSpyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/31/2012 at 09:15 PM

Application Version : 5.5.1012

Core Rules Database Version : 8986
Trace Rules Database Version: 6798

Scan type      : Complete Scan
Total Scan Time : 02:02:43

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 578
Memory threats detected  : 0
Registry items scanned    : 65825
Registry threats detected : 25
File items scanned        : 169629
File threats detected    : 893

Adware.HBHelper
        (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
        (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
        (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
        (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
        (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
        (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
        (x86) HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
        (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
        (x86) HKCR\URLSearchHook.ToolbarURLSearchHook.1
        (x86) HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
        (x86) HKCR\URLSearchHook.ToolbarURLSearchHook
        (x86) HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
        (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
        (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
        (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
        (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
        (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
        (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
        C:\PROGRAM FILES (X86)\CHATZUM TOOLBAR\TBUNSYA76A.TMP\TBHELPER.DLL
        (x86) HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
        (x86) HKU\S-1-5-21-4284497293-1136568860-3551687546-1000\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}
        (x86) HKU\S-1-5-21-4284497293-1136568860-3551687546-1000_Classes\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Browser Hijacker.Deskbar
        (x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
        (x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
        (x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
        (x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Adware.Tracking Cookie
        C:\USERS\KRISTINA\Cookies\kristina@content.yieldmanager[1].txt [ Cookie:kristina@content.yieldmanager.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@ad.zanox[1].txt [ Cookie:kristina@ad.zanox.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@track.effiliation[3].txt [ Cookie:kristina@track.effiliation.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@imrworldwide[2].txt [ Cookie:kristina@imrworldwide.com/cgi-bin ]
        C:\USERS\KRISTINA\Cookies\kristina@adform[2].txt [ Cookie:kristina@adform.net/ ]
        C:\USERS\KRISTINA\Cookies\kristina@revsci[1].txt [ Cookie:kristina@revsci.net/ ]
        C:\USERS\KRISTINA\Cookies\kristina@eas.apm.emediate[1].txt [ Cookie:kristina@eas.apm.emediate.eu/ ]
        C:\USERS\KRISTINA\Cookies\kristina@google[1].txt [ Cookie:kristina@google.com/accounts/ ]
        C:\USERS\KRISTINA\Cookies\kristina@ads.quartermedia[1].txt [ Cookie:kristina@ads.quartermedia.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@ad3.adfarm1.adition[2].txt [ Cookie:kristina@ad3.adfarm1.adition.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@eyewonder[1].txt [ Cookie:kristina@eyewonder.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@adtech[1].txt [ Cookie:kristina@adtech.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@xiti[1].txt [ Cookie:kristina@xiti.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@adxpose[2].txt [ Cookie:kristina@adxpose.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@himedia.individuad[2].txt [ Cookie:kristina@himedia.individuad.net/ ]
        C:\USERS\KRISTINA\Cookies\kristina@atdmt[2].txt [ Cookie:kristina@atdmt.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@stats.portalis[2].txt [ Cookie:kristina@stats.portalis.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@nextag[1].txt [ Cookie:kristina@nextag.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@track.adform[2].txt [ Cookie:kristina@track.adform.net/ ]
        C:\USERS\KRISTINA\Cookies\kristina@tradedoubler[2].txt [ Cookie:kristina@tradedoubler.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@tracking.quisma[1].txt [ Cookie:kristina@tracking.quisma.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@questionmarket[1].txt [ Cookie:kristina@questionmarket.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@www.etracker[1].txt [ Cookie:kristina@www.etracker.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@zanox-affiliate[2].txt [ Cookie:kristina@zanox-affiliate.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@tracker.twenga[1].txt [ Cookie:kristina@tracker.twenga.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@content.yieldmanager[3].txt [ Cookie:kristina@content.yieldmanager.com/ak/ ]
        C:\USERS\KRISTINA\Cookies\kristina@dyntracker[1].txt [ Cookie:kristina@dyntracker.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@liveperson[1].txt [ Cookie:kristina@liveperson.net/ ]
        C:\USERS\KRISTINA\Cookies\kristina@urbia.wwe-media[2].txt [ Cookie:kristina@urbia.wwe-media.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@taucherdiscount[1].txt [ Cookie:kristina@taucherdiscount.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@www.googleadservices[5].txt [ Cookie:kristina@www.googleadservices.com/pagead/conversion/1064336533/ ]
        C:\USERS\KRISTINA\Cookies\kristina@tracking.mindshare[1].txt [ Cookie:kristina@tracking.mindshare.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@adserver.doccheck[2].txt [ Cookie:kristina@adserver.doccheck.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@bs.serving-sys[2].txt [ Cookie:kristina@bs.serving-sys.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@hightraffic.hugoboss[2].txt [ Cookie:kristina@hightraffic.hugoboss.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@www.moviepilot[2].txt [ Cookie:kristina@www.moviepilot.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@go.dynamic-tracking[2].txt [ Cookie:kristina@go.dynamic-tracking.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@tn.motorpresse-statistik[1].txt [ Cookie:kristina@tn.motorpresse-statistik.de/track/ ]
        C:\USERS\KRISTINA\Cookies\kristina@edge.download.newmedia.nacamar[1].txt [ Cookie:kristina@edge.download.newmedia.nacamar.net/ ]
        C:\USERS\KRISTINA\Cookies\kristina@ad.adition[1].txt [ Cookie:kristina@ad.adition.net/ ]
        C:\USERS\KRISTINA\Cookies\kristina@moviepilot[1].txt [ Cookie:kristina@moviepilot.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@stat.dealtime[1].txt [ Cookie:kristina@stat.dealtime.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@www.burstnet[1].txt [ Cookie:kristina@www.burstnet.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@hit.stat[1].txt [ Cookie:kristina@hit.stat.pl/ ]
        C:\USERS\KRISTINA\Cookies\kristina@creativdiscount[1].txt [ Cookie:kristina@creativdiscount.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@clickfuse[1].txt [ Cookie:kristina@clickfuse.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@4stats[1].txt [ Cookie:kristina@4stats.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@unister-adservices[1].txt [ Cookie:kristina@unister-adservices.com/campaign/conversion/22 ]
        C:\USERS\KRISTINA\Cookies\kristina@server.adform[2].txt [ Cookie:kristina@server.adform.net/ ]
        C:\USERS\KRISTINA\Cookies\kristina@bannerox.gelsen[2].txt [ Cookie:kristina@bannerox.gelsen.net/ ]
        C:\USERS\KRISTINA\Cookies\kristina@ad.dyntracker[2].txt [ Cookie:kristina@ad.dyntracker.de/ ]
        C:\USERS\KRISTINA\Cookies\kristina@statcounter[1].txt [ Cookie:kristina@statcounter.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@lfstmedia[2].txt [ Cookie:kristina@lfstmedia.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@www.googleadservices[1].txt [ Cookie:kristina@www.googleadservices.com/pagead/conversion/1072463308/ ]
        C:\USERS\KRISTINA\Cookies\kristina@www.googleadservices[4].txt [ Cookie:kristina@www.googleadservices.com/pagead/conversion/1004793292/ ]
        C:\USERS\KRISTINA\Cookies\kristina@server.adformdsp[1].txt [ Cookie:kristina@server.adformdsp.net/ ]
        C:\USERS\KRISTINA\Cookies\kristina@zbox.zanox[1].txt [ Cookie:kristina@zbox.zanox.com/ ]
        C:\USERS\KRISTINA\Cookies\kristina@adformdsp[1].txt [ Cookie:kristina@adformdsp.net/ ]
        C:\USERS\KRISTINA\Cookies\kristina@www.123-counter[1].txt [ Cookie:kristina@www.123-counter.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@track.effiliation[2].txt [ Cookie:sebastian@track.effiliation.com/servlet/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adviva[2].txt [ Cookie:sebastian@adviva.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@serving-sys[1].txt [ Cookie:sebastian@serving-sys.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@traffictrack[1].txt [ Cookie:sebastian@traffictrack.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@facebookofsex[2].txt [ Cookie:sebastian@facebookofsex.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adform[2].txt [ Cookie:sebastian@adform.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@statcounter[2].txt [ Cookie:sebastian@statcounter.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adx2.chip[2].txt [ Cookie:sebastian@adx2.chip.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@fuckshow[2].txt [ Cookie:sebastian@fuckshow.org/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@2girlsteachsex[1].txt [ Cookie:sebastian@2girlsteachsex.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@liveperson[1].txt [ Cookie:sebastian@liveperson.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@ad2.adfarm1.adition[2].txt [ Cookie:sebastian@ad2.adfarm1.adition.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@track.effiliation[1].txt [ Cookie:sebastian@track.effiliation.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@unister-adservices[2].txt [ Cookie:sebastian@unister-adservices.com/services/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.gfuck[1].txt [ Cookie:sebastian@www.gfuck.org/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@2o7[1].txt [ Cookie:sebastian@2o7.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@tracking.mindshare[1].txt [ Cookie:sebastian@tracking.mindshare.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@ad.zanox[1].txt [ Cookie:sebastian@ad.zanox.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@bluestreak[2].txt [ Cookie:sebastian@bluestreak.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adfarm1.adition[2].txt [ Cookie:sebastian@adfarm1.adition.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@a.revenuemax[1].txt [ Cookie:sebastian@a.revenuemax.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@esoporn[1].txt [ Cookie:sebastian@esoporn.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.googleadservices[7].txt [ Cookie:sebastian@www.googleadservices.com/pagead/conversion/1048741675/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@delivery.trafficbroker[1].txt [ Cookie:sebastian@delivery.trafficbroker.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@zanox[2].txt [ Cookie:sebastian@zanox.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@unitymedia[2].txt [ Cookie:sebastian@unitymedia.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@atdmt[2].txt [ Cookie:sebastian@atdmt.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@ad.adnet[2].txt [ Cookie:sebastian@ad.adnet.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@smartadserver[1].txt [ Cookie:sebastian@smartadserver.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@mediaplex[1].txt [ Cookie:sebastian@mediaplex.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@counter.top[2].txt [ Cookie:sebastian@counter.top.ge/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adserver.adtechus[1].txt [ Cookie:sebastian@adserver.adtechus.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adtech.habbo[1].txt [ Cookie:sebastian@adtech.habbo.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@tradedoubler[2].txt [ Cookie:sebastian@tradedoubler.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.playmate-porn[2].txt [ Cookie:sebastian@www.playmate-porn.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.esoporn[1].txt [ Cookie:sebastian@www.esoporn.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@pornvisit[1].txt [ Cookie:sebastian@pornvisit.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@mediaonline[2].txt [ Cookie:sebastian@mediaonline.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@zanox-affiliate[2].txt [ Cookie:sebastian@zanox-affiliate.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adxpansion[1].txt [ Cookie:sebastian@adxpansion.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@ww251.smartadserver[1].txt [ Cookie:sebastian@ww251.smartadserver.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@eas.apm.emediate[1].txt [ Cookie:sebastian@eas.apm.emediate.eu/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@doubleclick[2].txt [ Cookie:sebastian@doubleclick.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@himedia.individuad[2].txt [ Cookie:sebastian@himedia.individuad.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adnetxchange[2].txt [ Cookie:sebastian@adnetxchange.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@markussexblog[2].txt [ Cookie:sebastian@markussexblog.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@directporntube[2].txt [ Cookie:sebastian@directporntube.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@ad.yieldmanager[2].txt [ Cookie:sebastian@ad.yieldmanager.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.playmate-porn[3].txt [ Cookie:sebastian@www.playmate-porn.com/st/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.sexyspiele[2].txt [ Cookie:sebastian@www.sexyspiele.net/view/123/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@stat.easydate[2].txt [ Cookie:sebastian@stat.easydate.biz/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@xxxkinky[2].txt [ Cookie:sebastian@xxxkinky.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@de.pornhub[1].txt [ Cookie:sebastian@de.pornhub.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@apmebf[2].txt [ Cookie:sebastian@apmebf.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adtech[2].txt [ Cookie:sebastian@adtech.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@track.adform[1].txt [ Cookie:sebastian@track.adform.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@xiti[1].txt [ Cookie:sebastian@xiti.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@casalemedia[2].txt [ Cookie:sebastian@casalemedia.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@ad3.adfarm1.adition[2].txt [ Cookie:sebastian@ad3.adfarm1.adition.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@ec-track[1].txt [ Cookie:sebastian@ec-track.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@gonzoxxxmovies[1].txt [ Cookie:sebastian@gonzoxxxmovies.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.fpctraffic2[2].txt [ Cookie:sebastian@www.fpctraffic2.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@komtrack[2].txt [ Cookie:sebastian@komtrack.com/tr/993780 ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@media6degrees[1].txt [ Cookie:sebastian@media6degrees.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@clicks.pangora[1].txt [ Cookie:sebastian@clicks.pangora.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.porndad[2].txt [ Cookie:sebastian@www.porndad.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.tubepornx[3].txt [ Cookie:sebastian@www.tubepornx.com/st/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.purpleporno[1].txt [ Cookie:sebastian@www.purpleporno.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adcentriconline[1].txt [ Cookie:sebastian@adcentriconline.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@track.webtrekk[2].txt [ Cookie:sebastian@track.webtrekk.de/471497967328727/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.traffictrack[1].txt [ Cookie:sebastian@www.traffictrack.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adsrv1.admediate[1].txt [ Cookie:sebastian@adsrv1.admediate.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@tour1.xxxmatch[1].txt [ Cookie:sebastian@tour1.xxxmatch.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@in.getclicky[1].txt [ Cookie:sebastian@in.getclicky.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@4porn[1].txt [ Cookie:sebastian@4porn.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@in.mydirtyhobby[1].txt [ Cookie:sebastian@in.mydirtyhobby.com/track/cnQDADoU,33/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@indieclick[1].txt [ Cookie:sebastian@indieclick.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@stats.ilsemedia[1].txt [ Cookie:sebastian@stats.ilsemedia.nl/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.active-tracking[1].txt [ Cookie:sebastian@www.active-tracking.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@pornhub[1].txt [ Cookie:sebastian@pornhub.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@collective-media[2].txt [ Cookie:sebastian@collective-media.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.usenext[1].txt [ Cookie:sebastian@www.usenext.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@porntube[2].txt [ Cookie:sebastian@porntube.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@freepornmate[1].txt [ Cookie:sebastian@freepornmate.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@wt.xxxmatch[1].txt [ Cookie:sebastian@wt.xxxmatch.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@pornme[2].txt [ Cookie:sebastian@pornme.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.mediamarkt[1].txt [ Cookie:sebastian@www.mediamarkt.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@yadro[1].txt [ Cookie:sebastian@yadro.ru/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@eyewonder[1].txt [ Cookie:sebastian@eyewonder.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@fastclick[1].txt [ Cookie:sebastian@fastclick.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.porntube[1].txt [ Cookie:sebastian@www.porntube.com/videos/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@xoporntube[2].txt [ Cookie:sebastian@xoporntube.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@pornoxo[2].txt [ Cookie:sebastian@pornoxo.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@ads.zeusclicks[1].txt [ Cookie:sebastian@ads.zeusclicks.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@e-sexspiele[2].txt [ Cookie:sebastian@e-sexspiele.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@ads.ventivmedia[1].txt [ Cookie:sebastian@ads.ventivmedia.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.gratispornotubes[1].txt [ Cookie:sebastian@www.gratispornotubes.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.gratis-pornos[1].txt [ Cookie:sebastian@www.gratis-pornos.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@toplist[2].txt [ Cookie:sebastian@toplist.cz/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@porndad[2].txt [ Cookie:sebastian@porndad.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@freepornsubmits[2].txt [ Cookie:sebastian@freepornsubmits.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.freepornmate[1].txt [ Cookie:sebastian@www.freepornmate.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@mofosex[1].txt [ Cookie:sebastian@mofosex.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.xvideos-sexfilme[1].txt [ Cookie:sebastian@www.xvideos-sexfilme.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@bt.ilsemedia[2].txt [ Cookie:sebastian@bt.ilsemedia.nl/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.vagosex[1].txt [ Cookie:sebastian@www.vagosex.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@imrworldwide[2].txt [ Cookie:sebastian@imrworldwide.com/cgi-bin ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@tracking.mlsat02[1].txt [ Cookie:sebastian@tracking.mlsat02.de/tmobile/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@fuckbookdatinglive[2].txt [ Cookie:sebastian@fuckbookdatinglive.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@adbrite[2].txt [ Cookie:sebastian@adbrite.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.moms4fuck[1].txt [ Cookie:sebastian@www.moms4fuck.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@xxxtubemonster[2].txt [ Cookie:sebastian@xxxtubemonster.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@pornrabbit[2].txt [ Cookie:sebastian@pornrabbit.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@newsexbook[1].txt [ Cookie:sebastian@newsexbook.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@germanfriendfinder[1].txt [ Cookie:sebastian@germanfriendfinder.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.pornoxo[2].txt [ Cookie:sebastian@www.pornoxo.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@girlsteachsex[2].txt [ Cookie:sebastian@girlsteachsex.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@track.webtrekk[1].txt [ Cookie:sebastian@track.webtrekk.de/562243648792138/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.vagosex18[2].txt [ Cookie:sebastian@www.vagosex18.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@view.advert-layer[1].txt [ Cookie:sebastian@view.advert-layer.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.cuntcore[1].txt [ Cookie:sebastian@www.cuntcore.com/cgi-bin/atx/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@dafuckbook[1].txt [ Cookie:sebastian@dafuckbook.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.sexkiste[2].txt [ Cookie:sebastian@www.sexkiste.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@track.gridlockparadise[2].txt [ Cookie:sebastian@track.gridlockparadise.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@lfstmedia[1].txt [ Cookie:sebastian@lfstmedia.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@allthemedia[1].txt [ Cookie:sebastian@allthemedia.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@media.gan-online[1].txt [ Cookie:sebastian@media.gan-online.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.porneagle[1].txt [ Cookie:sebastian@www.porneagle.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.adxpansion[1].txt [ Cookie:sebastian@www.adxpansion.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@mmotraffic[2].txt [ Cookie:sebastian@mmotraffic.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@gratispornotubes[2].txt [ Cookie:sebastian@gratispornotubes.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@fuckbookdating[2].txt [ Cookie:sebastian@fuckbookdating.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@freetoonporntube[1].txt [ Cookie:sebastian@freetoonporntube.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@clicksor[2].txt [ Cookie:sebastian@clicksor.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.teenurge[2].txt [ Cookie:sebastian@www.teenurge.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@purpleporno[2].txt [ Cookie:sebastian@purpleporno.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@teencategories[1].txt [ Cookie:sebastian@teencategories.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@pornerbros[1].txt [ Cookie:sebastian@pornerbros.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.meet-teens[1].txt [ Cookie:sebastian@www.meet-teens.de/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@static.sunporno[1].txt [ Cookie:sebastian@static.sunporno.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.watchgfporn[1].txt [ Cookie:sebastian@www.watchgfporn.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@cunttt[2].txt [ Cookie:sebastian@cunttt.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@philstraffic[1].txt [ Cookie:sebastian@philstraffic.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@xhamster-porno[1].txt [ Cookie:sebastian@xhamster-porno.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@porn[2].txt [ Cookie:sebastian@porn.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@advertising[2].txt [ Cookie:sebastian@advertising.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@gratisporno.3lot[2].txt [ Cookie:sebastian@gratisporno.3lot.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@porneagle[2].txt [ Cookie:sebastian@porneagle.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@elitepvpers[1].txt [ Cookie:sebastian@elitepvpers.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@sexyspiele[1].txt [ Cookie:sebastian@sexyspiele.net/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@www.tiniporn[1].txt [ Cookie:sebastian@www.tiniporn.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@animesex-videos[2].txt [ Cookie:sebastian@animesex-videos.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@xvideos-porno[1].txt [ Cookie:sebastian@xvideos-porno.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@69porntube[1].txt [ Cookie:sebastian@69porntube.com/ ]
        C:\USERS\SEBASTIAN\AppData\Roaming\Microsoft\Windows\Cookies\sebastian@eas4.emediate[2].txt [ Cookie:sebastian@eas4.emediate.eu/ ]
        C:\USERS\SEBASTIAN\Cookies\sebastian@doubleclick[1].txt [ Cookie:sebastian@doubleclick.net/ ]
        C:\USERS\SEBASTIAN\Cookies\sebastian@quartermedia[1].txt [ Cookie:sebastian@quartermedia.de/ ]
        C:\USERS\SEBASTIAN\Cookies\sebastian@mm.chitika[2].txt [ Cookie:sebastian@mm.chitika.net/ ]
        C:\USERS\SEBASTIAN\Cookies\sebastian@www.googleadservices[8].txt [ Cookie:sebastian@www.googleadservices.com/pagead/conversion/995553404/ ]
        C:\USERS\SEBASTIAN\Cookies\sebastian@avgtechnologies.112.2o7[1].txt [ Cookie:sebastian@avgtechnologies.112.2o7.net/ ]
        C:\USERS\SEBASTIAN\Cookies\sebastian@www.googleadservices[4].txt [ Cookie:sebastian@www.googleadservices.com/pagead/conversion/1003944074/ ]
        C:\USERS\K&S\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\K&S@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
        C:\USERS\K&S\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\K&S@ADX.CHIP[1].TXT [ /ADX.CHIP ]
        C:\USERS\K&S\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\K&S@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
        C:\USERS\K&S\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\K&S@AD.360YIELD[1].TXT [ /AD.360YIELD ]
        C:\USERS\KRISTINA\APPDATA\LOCAL\TEMP\LOW\COOKIES\KRISTINA@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
        C:\USERS\KRISTINA\APPDATA\LOCAL\TEMP\LOW\COOKIES\KRISTINA@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
        C:\USERS\KRISTINA\APPDATA\LOCAL\TEMP\LOW\COOKIES\KRISTINA@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@AD1.CHEFKOCH[2].TXT [ /AD1.CHEFKOCH ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ADS.LINGUEE[2].TXT [ /ADS.LINGUEE ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ADS.SPINSOFT[2].TXT [ /ADS.SPINSOFT ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@2O7[2].TXT [ /2O7 ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@UNISTER-ADSERVICES[2].TXT [ /UNISTER-ADSERVICES ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ADS.PUBMATIC[2].TXT [ /ADS.PUBMATIC ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ADS.IMMOBILIENSCOUT24[1].TXT [ /ADS.IMMOBILIENSCOUT24 ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@WWW.ACTIVE-TRACKING[2].TXT [ /WWW.ACTIVE-TRACKING ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@AD-HOC-NEWS[2].TXT [ /AD-HOC-NEWS ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@UNITYMEDIA[2].TXT [ /UNITYMEDIA ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@STAT.1A-7574.ANTAGUS[1].TXT [ /STAT.1A-7574.ANTAGUS ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@BANNER.TESTBERICHTE[1].TXT [ /BANNER.TESTBERICHTE ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@SERVING-SYS[2].TXT [ /SERVING-SYS ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ADS.MIOMEDI[2].TXT [ /ADS.MIOMEDI ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@FASTCLICK[1].TXT [ /FASTCLICK ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@AD.360YIELD[2].TXT [ /AD.360YIELD ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@AD.ADC-SERV[1].TXT [ /AD.ADC-SERV ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@TRACKING.PUBLICIDEES[2].TXT [ /TRACKING.PUBLICIDEES ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@AD.DYNTRACKER[1].TXT [ /AD.DYNTRACKER ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@STATSE.WEBTRENDSLIVE[2].TXT [ /STATSE.WEBTRENDSLIVE ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@EAS4.EMEDIATE[1].TXT [ /EAS4.EMEDIATE ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ADS.1001SPIELE[1].TXT [ /ADS.1001SPIELE ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@AMAZON-ADSYSTEM[1].TXT [ /AMAZON-ADSYSTEM ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ACCOUNTS.GOOGLE[1].TXT [ /ACCOUNTS.GOOGLE ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@IM.BANNER.T-ONLINE[2].TXT [ /IM.BANNER.T-ONLINE ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@WWW.GOOGLEADSERVICES[2].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ADS.HOW-TO-DO[2].TXT [ /ADS.HOW-TO-DO ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@AD.OSTSEE-ZEITUNG[2].TXT [ /AD.OSTSEE-ZEITUNG ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@TRACKING.DC-STORM[1].TXT [ /TRACKING.DC-STORM ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@DC.TREMORMEDIA[1].TXT [ /DC.TREMORMEDIA ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\KRISTINA@ADS.INTERGI[1].TXT [ /ADS.INTERGI ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KRISTINA@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KRISTINA@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KRISTINA@UNITYMEDIA[2].TXT [ /UNITYMEDIA ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KRISTINA@AD.360YIELD[2].TXT [ /AD.360YIELD ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KRISTINA@SERVING-SYS[1].TXT [ /SERVING-SYS ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KRISTINA@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
        C:\USERS\KRISTINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KRISTINA@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ]
        s0.2mdn.net [ C:\USERS\SEBASTIAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BXABQZB8 ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@MEGAPORNOBILDER[2].TXT [ /MEGAPORNOBILDER ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.TRAFFIKINGS[1].TXT [ /ADS.TRAFFIKINGS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@TRIBALFUSION[2].TXT [ /TRIBALFUSION ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@MYELITECRAFT[2].TXT [ /MYELITECRAFT ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.SEXOHENTAIGRATIS[2].TXT [ /WWW.SEXOHENTAIGRATIS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.PORNTUBE[2].TXT [ /WWW.PORNTUBE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@NAKED[1].TXT [ /NAKED ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@RTS.PGMEDIASERVE[2].TXT [ /RTS.PGMEDIASERVE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.ADWITSERVER[2].TXT [ /ADS.ADWITSERVER ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.GAMERPUBLISHING[1].TXT [ /ADS.GAMERPUBLISHING ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.FUCKSHOW[2].TXT [ /WWW.FUCKSHOW ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@CLICK.GET-ANSWERS-FAST[1].TXT [ /CLICK.GET-ANSWERS-FAST ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.AD4GAME[1].TXT [ /ADS.AD4GAME ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WEBMASTERPLAN[2].TXT [ /WEBMASTERPLAN ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.GRATIS-COUNTER[1].TXT [ /WWW.GRATIS-COUNTER ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ALPHAPORNO[1].TXT [ /ALPHAPORNO ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@KOMTRACK[1].TXT [ /KOMTRACK ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.INTERGI[1].TXT [ /ADS.INTERGI ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@YOUPORN[1].TXT [ /YOUPORN ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.ADTIGER[1].TXT [ /ADS.ADTIGER ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@SERVER.CPMSTAR[1].TXT [ /SERVER.CPMSTAR ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@PORNOISE[1].TXT [ /PORNOISE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@STATSADV.DADAPRO[1].TXT [ /STATSADV.DADAPRO ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@RU4[1].TXT [ /RU4 ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.PORNERBROS[1].TXT [ /WWW.PORNERBROS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.ADCOMMUNICATIONS[1].TXT [ /ADS.ADCOMMUNICATIONS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@TTO2.TRAFFICTRACK[1].TXT [ /TTO2.TRAFFICTRACK ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@GLAMOURPORNTUBE[2].TXT [ /GLAMOURPORNTUBE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.UNDERTONE[2].TXT [ /ADS.UNDERTONE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@STAT.DEALTIME[1].TXT [ /STAT.DEALTIME ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.WEBME[2].TXT [ /ADS.WEBME ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.WATCHMYGF[1].TXT [ /ADS.WATCHMYGF ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.GOOGLEADSERVICES[5].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.FLING[1].TXT [ /ADS.FLING ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@GO.TRAFFICSHOP[2].TXT [ /GO.TRAFFICSHOP ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.BURSTNET[1].TXT [ /WWW.BURSTNET ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.GLISPA[1].TXT [ /ADS.GLISPA ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.NET2DAY[1].TXT [ /ADS.NET2DAY ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@PORNOADLER[1].TXT [ /PORNOADLER ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.GAMESBANNERNET[1].TXT [ /ADS.GAMESBANNERNET ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@MOMSEXGALLERIES[2].TXT [ /MOMSEXGALLERIES ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.ALLTHEMEDIA[1].TXT [ /WWW.ALLTHEMEDIA ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.BASAL[2].TXT [ /ADS.BASAL ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD.ADC-SERV[1].TXT [ /AD.ADC-SERV ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WBR-ADS-01.ODMEDIA[2].TXT [ /WBR-ADS-01.ODMEDIA ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.DOTHADS[2].TXT [ /ADS.DOTHADS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.PROFITSDELUXE[2].TXT [ /ADS.PROFITSDELUXE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@CLICK.IWANTUONLINE[1].TXT [ /CLICK.IWANTUONLINE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.CRAKMEDIA[2].TXT [ /ADS.CRAKMEDIA ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.XXXKINKY[2].TXT [ /WWW.XXXKINKY ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD.ADITION[2].TXT [ /AD.ADITION ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.MAMMOTHFS[2].TXT [ /ADS.MAMMOTHFS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADV.DRTUBER[2].TXT [ /ADV.DRTUBER ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@SECMEDIA[2].TXT [ /SECMEDIA ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD.ADPERIUM[2].TXT [ /AD.ADPERIUM ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.GOOGLEADSERVICES[3].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD.ALTURALABS[1].TXT [ /AD.ALTURALABS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.CROWDSTAR[1].TXT [ /ADS.CROWDSTAR ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD.DYNTRACKER[1].TXT [ /AD.DYNTRACKER ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.BVS-INFOMEDIA[2].TXT [ /WWW.BVS-INFOMEDIA ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD.DYNTRACKER[2].TXT [ /AD.DYNTRACKER ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD.360YIELD[1].TXT [ /AD.360YIELD ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@SUNPORNO[1].TXT [ /SUNPORNO ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@GAMES.SL3.KFACTORMEDIA[2].TXT [ /GAMES.SL3.KFACTORMEDIA ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@BANNERS.TRANNYDATES[1].TXT [ /BANNERS.TRANNYDATES ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD1.DYNTRACKER[1].TXT [ /AD1.DYNTRACKER ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.ZANOX-AFFILIATE[1].TXT [ /WWW.ZANOX-AFFILIATE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.CARTOWN[1].TXT [ /ADS.CARTOWN ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD1.ADFARM1.ADITION[2].TXT [ /AD1.ADFARM1.ADITION ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@GOLDPORNTUBE[1].TXT [ /GOLDPORNTUBE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@TRACKING.HANNOVERSCHE[1].TXT [ /TRACKING.HANNOVERSCHE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.BRANDWIRE[2].TXT [ /ADS.BRANDWIRE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.MOFOSEX[2].TXT [ /WWW.MOFOSEX ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.SPORTWERK[2].TXT [ /ADS.SPORTWERK ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@TAUCHERDISCOUNT[1].TXT [ /TAUCHERDISCOUNT ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.PORN[1].TXT [ /WWW.PORN ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@IM.BANNER.T-ONLINE[1].TXT [ /IM.BANNER.T-ONLINE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@REVSCI[2].TXT [ /REVSCI ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.PORNME[2].TXT [ /WWW.PORNME ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.ADULTPOPUNDERS[2].TXT [ /ADS.ADULTPOPUNDERS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@STATS.PAYPAL[1].TXT [ /STATS.PAYPAL ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.MSVP[1].TXT [ /ADS.MSVP ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ART2TEEN[1].TXT [ /ART2TEEN ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD.123-TEMPLATE[1].TXT [ /AD.123-TEMPLATE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD.12MNKYS[2].TXT [ /AD.12MNKYS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD1.CHEFKOCH[1].TXT [ /AD1.CHEFKOCH ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@AD4.ADFARM1.ADITION[1].TXT [ /AD4.ADFARM1.ADITION ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.1001SPIELE[2].TXT [ /ADS.1001SPIELE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.ADGOTO[2].TXT [ /ADS.ADGOTO ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.CAROCEAN.CO[1].TXT [ /ADS.CAROCEAN.CO ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.IPOD-FORUM[2].TXT [ /ADS.IPOD-FORUM ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.PANFU[2].TXT [ /ADS.PANFU ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@ADS.WHALEADS[2].TXT [ /ADS.WHALEADS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@DE.SEXGAMESBOX[1].TXT [ /DE.SEXGAMESBOX ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@MEET-TEENS[2].TXT [ /MEET-TEENS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@OPENX.SEXSEARCHCOM[1].TXT [ /OPENX.SEXSEARCHCOM ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@PORNAWARDS[1].TXT [ /PORNAWARDS ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@REALPORNTUBE[1].TXT [ /REALPORNTUBE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@SPECIFICCLICK[1].TXT [ /SPECIFICCLICK ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@TOPLIST[1].TXT [ /TOPLIST ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@TRACKING.GAMEFORGE[2].TXT [ /TRACKING.GAMEFORGE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@TRACKING.TCHIBO[1].TXT [ /TRACKING.TCHIBO ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.BURSTNET[2].TXT [ /WWW.BURSTNET ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@WWW.PORNTUBE[3].TXT [ /WWW.PORNTUBE ]
        C:\USERS\SEBASTIAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SEBASTIAN@YIELDMANAGER[2].TXT [ /YIELDMANAGER ]

Trojan.Agent/Gen-FraudTool[Tiny]
        C:\_OTL_20120702\MOVEDFILES\07022012_214022\C_USERS\KRISTINA\APPDATA\ROAMING\.#\MBX@F64@2127C0.###
        C:\_OTL_20120702\MOVEDFILES\07022012_214022\C_USERS\KRISTINA\APPDATA\ROAMING\.#\MBX@FB8@20127C0.###
        C:\_OTL_20120702\MOVEDFILES\07022012_214022\C_USERS\SEBASTIAN\APPDATA\ROAMING\.#\MBX@E7C@1D27C0.###

Regards
Michael

cosinus 01.08.2012 19:31

Code:

C:\Users\Sebastian\Downloads\winrar_setup.exe (PUP.AdBundle)
Where did you get this WinRAR setup from?
You don't download software from just anywhere

Code:

UAC On - Limited User
How did you start SASW? Simply by double-clicking?

itsme42 01.08.2012 21:16

Hello Arne,
I asked my son. He had downloaded WINRAR without checking with me first. He says that he downloaded WINRAR from Chip.

I am actually sure that I started SUPERAntiSpyware as administrator via right-click, as described in the instructions.

Regards
Michael

cosinus 02.08.2012 14:48

OK, I have seen that a few times now, it seems to be a bug in SASW :(
In any case, only cookies and a few silly leftovers were found.

Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I do it is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system back in order now, or are there any other findings or problems?
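
Added example, not part of the original post and not MVPS code: a Python check of which cookie domains from a scanner log a hosts block list actually covers, given that a hosts file matches exact host names only and has no wildcards. The hosts entries are constructed, the log lines follow the SUPERAntiSpyware format posted in this thread, and all function names are assumptions of this example.

```python
import re

# Constructed hosts file in the usual "address name [name ...]" form.
# This is NOT the real MVPS list; 198.51.100.7 is a documentation address.
SAMPLE_HOSTS = """\
# constructed sample block list
127.0.0.1     localhost
0.0.0.0       exoclick.com
0.0.0.0       ad.doubleclick.net    # subdomain entry only
0.0.0.0       googleadservices.com
198.51.100.7  zbox.zanox.com
"""

# Sample lines in the "<file> [ Cookie:user@domain/path ]" format of the scan log.
SAMPLE_LOG = r"""
C:\USERS\SEBASTIAN\Cookies\sebastian@exoclick[2].txt [ Cookie:sebastian@exoclick.com/ ]
C:\USERS\SEBASTIAN\Cookies\sebastian@doubleclick[1].txt [ Cookie:sebastian@doubleclick.net/ ]
C:\USERS\SEBASTIAN\Cookies\sebastian@www.googleadservices[2].txt [ Cookie:sebastian@www.googleadservices.com/pagead/conversion/1051834421/ ]
C:\USERS\SEBASTIAN\Cookies\sebastian@zbox.zanox[2].txt [ Cookie:sebastian@zbox.zanox.com/ ]
"""

# Addresses that make a lookup go nowhere, which is how a block list works.
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

COOKIE_RE = re.compile(r"\[\s*Cookie:[^@\s]+@([^/\s\]]+)", re.IGNORECASE)


def parse_hosts(text):
    """Return (blocked names, {name: address} for entries pointing elsewhere)."""
    blocked, redirected = set(), {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        for name in names:
            name = name.lower().rstrip(".")
            if name == "localhost":
                continue
            if addr in SINKS:
                blocked.add(name)
            else:
                # Not a block entry: the name resolves to a real address.
                redirected[name] = addr
    return blocked, redirected


def cookie_domains(log):
    """Extract the cookie domains from scanner log lines, in order, deduplicated."""
    seen = []
    for match in COOKIE_RE.finditer(log):
        domain = match.group(1).lower()
        if domain not in seen:
            seen.append(domain)
    return seen


def coverage(domains, blocked, redirected):
    """Classify each cookie domain against the hosts entries (exact match only)."""
    report = {}
    for domain in domains:
        if domain in blocked:
            report[domain] = "exact"
        elif domain in redirected:
            report[domain] = "redirected"        # worth a manual look
        elif any(host.endswith("." + domain) for host in blocked):
            report[domain] = "subdomains-only"   # some hosts under it are blocked
        else:
            report[domain] = "not-blocked"       # a parent entry does not count
    return report


if __name__ == "__main__":
    blocked_names, redirects = parse_hosts(SAMPLE_HOSTS)
    result = coverage(cookie_domains(SAMPLE_LOG), blocked_names, redirects)
    for name, status in result.items():
        print(f"{name:30} {status}")
```

The `www.googleadservices.com` result is the instructive one: the list names `googleadservices.com`, but the host the browser contacts is a different name, so that entry does not block it.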

itsme42 02.08.2012 21:21

Hello Arne,
Thank you for your great help.

The computer is working normally again.
I will probably have to take a closer look at what my son gets up to on the computer. In the SUPERAntiSpyware log I saw a few cookies from websites that my son should not be hanging around on.

I will also follow your suggestions on deleting cookies and take a look at the MVPS Hosts File.

Thanks again for your competent, persistent and quick help.
I would not have managed this on my own. :daumenhoc

Regards
Michael

cosinus 03.08.2012 18:11

Then we're done! :abklatsch:

The programs that were used here can all be uninstalled again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on "Bereinigung" (Cleanup).
This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update it first.

Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords, if possible, after the infection has been removed.

Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update

Updating the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you are at it, please also check that the Flash Player is up to date:
Check => http://www.adobe.com/software/flash/about/
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click on Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

