Trojaner-Board


Martin79 29.06.2012 23:29

Security Shield trojan.lameshield
 
Hello everyone,

I seem to have caught something nasty yesterday.
Fake virus alerts kept popping up, along with the demand that I buy the program Security Shield to get the virus infection under control.

I was able to stop the processes with rkill.

I then scanned with Malwarebytes and AntiVir.

First, OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 30.06.2012 00:03:16 - Run 6
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\MD\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,45% Memory free
5,93 Gb Paging File | 4,46 Gb Available in Paging File | 75,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,65 Gb Total Space | 144,64 Gb Free Space | 65,26% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 3,70 Gb Free Space | 37,88% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,67 Gb Free Space | 45,67% Space Free | Partition Type: NTFS
 
Computer Name: MD-LAPTOP | User Name: MD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\MD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\nalserv.exe (Nalpeiron Ltd.)
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Users\MD\AppData\Local\Apps\2.0\V9NOXPVR.A8C\YA85CVZ8.MTM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Lexmark 9500 Series\lxdoamon.exe ()
PRC - C:\Program Files\Lexmark 9500 Series\lxdomon.exe ()
PRC - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LControl.exe (ATK0101)
PRC - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\lxdocoms.exe ( )
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Users\MD\AppData\Local\Apps\2.0\V9NOXPVR.A8C\YA85CVZ8.MTM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Lexmark 9500 Series\lxdoamon.exe ()
MOD - C:\Program Files\Lexmark 9500 Series\lxdomon.exe ()
MOD - C:\Program Files\Lexmark 9500 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files\Lexmark 9500 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files\Lexmark 9500 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Programme\Lenovo\Access Connections\AcDeskBand.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files\Lexmark 9500 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files\Lexmark 9500 Series\lxdoscw.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxdodatr.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxdocats.dll ()
MOD - C:\Program Files\Lenovo\ATK Hotkey\AGFNEX.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NalServ) -- C:\Windows\System32\nalserv.exe (Nalpeiron Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (nlsX86cc) -- C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LFKAS) -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
SRV - (lxdo_device) -- C:\Windows\System32\lxdocoms.exe ( )
SRV - (wampapache) -- C:\Program Files\wamp\bin\apache\apache2.2.6\bin\httpd.exe (Apache Software Foundation)
SRV - (lxdoCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdoserv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (wampmysqld) -- C:\Program Files\wamp\bin\mysql\mysql4.1.21\bin\mysqld-nt.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (catchme) -- C:\Users\MD\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (MTsensor32) -- C:\Windows\System32\drivers\PuAcpi32.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (ASMMAP) -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF A7 AE B0 90 19 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {f035aa18-ee32-4e6e-81d2-57e32867f8a7}:1.17
FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.26
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B97F57B9-1B42-4aed-9475-0022600C62DC}:2.6
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.10
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 21:54:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.29 13:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 10:35:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 21:54:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.29 13:59:31 | 000,000,000 | ---D | M]
 
[2010.11.11 01:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MD\AppData\Roaming\mozilla\Extensions
[2010.11.11 01:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MD\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.05.19 11:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions
[2011.04.13 12:09:25 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2012.05.10 10:40:36 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2012.03.30 11:05:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.13 12:09:25 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.04.13 12:09:25 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2010.11.19 10:36:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.05.19 11:19:43 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.01.02 10:43:09 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\foxmarks@kei.com
[2011.08.03 22:19:56 | 000,001,632 | ---- | M] () -- C:\Users\MD\AppData\Roaming\Mozilla\Firefox\Profiles\yqpafj8u.default\searchplugins\firefox-add-ons.xml
[2012.06.29 13:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.16 15:14:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.11.22 19:24:50 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2012.06.29 13:59:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.05.18 14:21:55 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.08.03 22:44:55 | 000,870,767 | ---- | M] () (No name found) -- C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\EXTENSIONS\FIREBUG@TOOLS.SITEPOINT.COM.XPI
[2012.04.11 14:17:12 | 000,084,034 | ---- | M] () (No name found) -- C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\EXTENSIONS\FIREPHPEXTENSION-BUILD@FIREPHP.ORG.XPI
[2012.06.21 21:54:51 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 21:54:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.21 21:54:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 21:54:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 21:54:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 21:54:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 21:54:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MD\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MD\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\MD\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\MD\AppData\Local\Google\Chrome\Application\19.0.1084.56\gears.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MD\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\MD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
 
O1 HOSTS File: ([2011.05.19 12:26:03 | 000,000,077 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1      localhost127.0.0.1      localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcWin7Hlpr.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell PanelMgr] C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Lexmark 9500 Series Fax Server] C:\Program Files\Lexmark 9500 Series\fm3032.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [lxdoamon] C:\Program Files\Lexmark 9500 Series\lxdoamon.exe ()
O4 - HKLM..\Run: [lxdomon.exe] C:\Program Files\Lexmark 9500 Series\lxdomon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\MD\AppData\Local\Apps\2.0\V9NOXPVR.A8C\YA85CVZ8.MTM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Users\MD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\MD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Windows\System32\schtasks.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03BC55A9-7D6C-4F05-A5F3-DE7C33F6165A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19893DDC-76E9-4855-9010-1D9C0C250EED}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27BB6183-1AE2-43EB-B270-6D12CBE226EF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 14:19:48 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\MD\Desktop\OTL.exe
[2012.06.27 17:36:14 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.sys
[2012.06.27 17:36:12 | 000,057,344 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2012.06.27 17:36:12 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll
[2012.06.27 17:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2012.06.27 17:34:46 | 000,000,000 | ---D | C] -- C:\Windows\Dell
[2012.06.27 17:32:05 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sdc1mci.exe
[2012.06.27 17:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012.06.23 16:29:01 | 000,000,000 | ---D | C] -- C:\Users\MD\AppData\Local\Macromedia
[2012.06.21 20:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.06.21 20:49:43 | 000,000,000 | ---D | C] -- C:\Users\MD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.06.21 20:49:42 | 000,000,000 | ---D | C] -- C:\Users\MD\AppData\Local\Nokia
[2012.06.21 20:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012.06.21 20:24:26 | 000,000,000 | ---D | C] -- C:\Users\MD\AppData\Roaming\PC Suite
[2012.06.21 20:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012.06.21 20:24:25 | 000,000,000 | ---D | C] -- C:\Users\MD\AppData\Roaming\Nokia
[2012.06.21 20:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2012.06.21 20:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2012.06.21 20:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2012.06.21 20:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.06.21 20:23:44 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.06.21 20:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012.06.21 20:23:08 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2012.06.21 20:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2012.06.21 20:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2012.06.04 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\MD\Desktop\Pflege
[2012.06.02 13:29:42 | 000,000,000 | ---D | C] -- C:\Users\MD\Desktop\New Folder
[2010.08.28 22:32:53 | 022,792,192 | ---- | C] (www.top-rechnung.de) -- C:\Program Files\TOP-RECHNUNG 10.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\MD\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\MD\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\MD\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\MD\AppData\Local\bass.dll
[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[19 C:\Users\MD\Desktop\*.tmp files -> C:\Users\MD\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.30 00:06:11 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 00:06:11 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 23:58:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 23:58:37 | 2388,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 23:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.29 23:24:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-291211984-3754166486-409696321-1001UA.job
[2012.06.29 22:18:26 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-291211984-3754166486-409696321-1001Core.job
[2012.06.29 14:51:23 | 000,000,000 | ---- | M] () -- C:\Users\MD\defogger_reenable
[2012.06.29 14:19:50 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\MD\Desktop\OTL.exe
[2012.06.29 14:03:27 | 418,357,210 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.29 13:51:27 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.29 13:51:27 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.06.29 10:26:14 | 001,012,656 | ---- | M] () -- C:\Users\MD\Desktop\rkill.com
[2012.06.27 17:34:53 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\Dell 1130n Laser Printer-Toner-Neubestellung.lnk
[2012.06.27 09:51:58 | 000,035,125 | ---- | M] () -- C:\ProgramData\lxdo
[2012.06.21 20:49:43 | 000,002,193 | ---- | M] () -- C:\Users\MD\Desktop\Nokia Software Updater.lnk
[2012.06.21 20:28:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.06.21 20:27:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012.06.21 20:23:59 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2012.06.19 12:44:38 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.19 12:44:38 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.19 12:44:38 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.19 12:44:38 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.16 11:56:48 | 000,007,602 | ---- | M] () -- C:\Users\MD\AppData\Local\Resmon.ResmonCfg
[2012.06.15 11:28:25 | 000,027,266 | ---- | M] () -- C:\Users\MD\Desktop\Duval_CV.pdf
[2012.06.15 11:26:02 | 000,004,096 | -H-- | M] () -- C:\Users\MD\AppData\Local\keyfile3.drm
[2012.06.15 08:53:29 | 003,743,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 10:28:18 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.12 10:26:31 | 000,002,395 | ---- | M] () -- C:\Users\MD\Desktop\Google Chrome.lnk
[2012.06.04 11:33:38 | 000,001,018 | ---- | M] () -- C:\Users\MD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[19 C:\Users\MD\Desktop\*.tmp files -> C:\Users\MD\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.07.02 13:27:17 | 000,000,022 | ---- | C] () -- C:\Program Files\prg_e.cfg
[2012.06.29 14:51:23 | 000,000,000 | ---- | C] () -- C:\Users\MD\defogger_reenable
[2012.06.29 14:03:27 | 418,357,210 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.06.29 10:26:10 | 001,012,656 | ---- | C] () -- C:\Users\MD\Desktop\rkill.com
[2012.06.27 17:34:53 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\Dell 1130n Laser Printer-Toner-Neubestellung.lnk
[2012.06.27 17:34:46 | 000,484,592 | ---- | C] () -- C:\Windows\SSndii.exe
[2012.06.27 17:32:17 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sdc1ml3.dll
[2012.06.27 17:32:17 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sdc1ml3.smt
[2012.06.21 20:49:43 | 000,002,193 | ---- | C] () -- C:\Users\MD\Desktop\Nokia Software Updater.lnk
[2012.06.21 20:28:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.06.21 20:27:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012.06.21 20:23:59 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2012.06.15 11:28:25 | 000,027,266 | ---- | C] () -- C:\Users\MD\Desktop\Duval_CV.pdf
[2012.05.10 10:44:45 | 000,001,465 | ---- | C] () -- C:\Users\MD\AppData\Local\RecConfig.xml
[2012.04.19 15:57:42 | 000,007,602 | ---- | C] () -- C:\Users\MD\AppData\Local\Resmon.ResmonCfg
[2012.03.30 17:52:20 | 000,008,267 | ---- | C] () -- C:\Users\MD\.recently-used.xbel
[2012.02.03 16:12:27 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdooem.dll
[2012.02.03 16:12:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDOPMON.DLL
[2012.02.03 16:12:27 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDOFXPU.DLL
[2012.02.03 16:11:49 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdoserv.dll
[2012.02.03 16:11:49 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdousb1.dll
[2012.02.03 16:11:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdopmui.dll
[2012.02.03 16:11:49 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\lxdohcp.dll
[2012.02.03 16:11:49 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdoinpa.dll
[2012.02.03 16:11:49 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdoinst.dll
[2012.02.03 16:11:49 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdoiesc.dll
[2012.02.03 16:11:49 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdoprox.dll
[2012.02.03 16:11:48 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdocomc.dll
[2012.02.03 16:11:48 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdohbn3.dll
[2012.02.03 16:11:48 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxdocoms.exe
[2012.02.03 16:11:48 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdolmpm.dll
[2012.02.03 16:11:48 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdocomm.dll
[2012.02.03 16:11:48 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdocfg.exe
[2012.02.03 16:11:48 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\lxdoih.exe
[2012.02.03 16:11:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdogrd.dll
[2012.01.11 21:46:32 | 000,004,096 | -H-- | C] () -- C:\Users\MD\AppData\Local\keyfile3.drm
[2011.09.29 13:07:07 | 000,003,900 | ---- | C] () -- C:\Users\MD\AppData\Roaming\com.living-e.timeEdition.plist
[2011.08.08 19:12:06 | 001,019,904 | ---- | C] ( ) -- C:\Windows\System32\LMACWNlang.dll
[2011.08.08 19:11:24 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMACWNcomc.dll
[2011.08.08 19:11:24 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMACWNinpa.dll
[2011.08.01 11:17:41 | 000,695,578 | ---- | C] () -- C:\Windows\System32\unins000.exe
[2011.08.01 11:17:41 | 000,001,067 | ---- | C] () -- C:\Windows\System32\unins000.dat
[2011.05.25 23:31:32 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.30 14:45:48 | 000,001,764 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.03.29 11:48:17 | 000,000,036 | ---- | C] () -- C:\Users\MD\AppData\Local\housecall.guid.cache
[2010.12.26 13:17:25 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.21 19:11:09 | 000,000,163 | ---- | C] () -- C:\Program Files\vorlagenpfade.v10
[2010.11.23 21:31:14 | 000,035,125 | ---- | C] () -- C:\ProgramData\lxdo
[2010.10.03 18:29:29 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.09.09 09:48:14 | 000,072,080 | ---- | C] () -- C:\Users\MD\g2mdlhlpx.exe
[2010.08.28 23:17:16 | 000,001,238 | ---- | C] () -- C:\Program Files\vl_1.vlg
[2010.08.28 23:17:16 | 000,001,100 | ---- | C] () -- C:\Program Files\vl_2.vlg
[2010.08.28 23:17:16 | 000,000,918 | ---- | C] () -- C:\Program Files\vl_3.vlg
[2010.08.28 22:50:04 | 000,004,999 | ---- | C] () -- C:\Program Files\Artikelliste.a10
[2010.08.28 22:49:51 | 000,001,162 | ---- | C] () -- C:\Program Files\vl_0.vlg
[2010.08.28 22:29:22 | 000,045,254 | ---- | C] () -- C:\Program Files\ihrlogo.bmp
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.02 15:52:17 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.02 15:52:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.02 15:52:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.02 15:52:17 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.02 15:52:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.04.19 10:57:29 | 000,000,337 | ---- | C] () -- C:\Users\MD\AppData\Local\Perfmon.PerfmonCfg
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\MD\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\MD\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\MD\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\MD\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\MD\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\MD\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2010.01.13 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\9500 Series
[2009.12.03 13:48:34 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Academic Software Zurich
[2011.09.23 15:15:33 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.23 12:46:14 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.13 10:02:16 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\digital publishing
[2012.06.30 00:00:19 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Dropbox
[2011.08.01 15:00:35 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\DVDVideoSoft
[2012.04.12 14:19:11 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\elsterformular
[2011.03.30 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\f-secure
[2009.12.25 18:34:27 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\GoPal Assistant
[2011.03.20 14:14:35 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\hdbADS
[2011.03.20 19:59:00 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\inkscape
[2012.05.10 10:40:37 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\kikin
[2009.11.05 00:16:07 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Leadertech
[2012.02.23 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Lexmark Productivity Studio
[2010.05.12 15:51:40 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Lexware
[2011.03.20 14:16:06 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\MrJobs
[2011.01.04 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\NewSoft
[2012.06.21 20:28:23 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Nokia
[2012.06.21 20:28:23 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PC Suite
[2011.05.09 14:35:11 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PCDr
[2009.11.07 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PRMT
[2009.11.07 22:38:10 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PROject MT
[2011.03.30 14:30:36 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\QuickScan
[2011.08.01 12:01:47 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Screaming Bee
[2012.04.05 11:31:12 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\SDL
[2012.02.07 12:30:17 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\SmartTools
[2012.03.06 15:59:16 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Snippage.B28FB424FD6880E47B18D7D649F6CC93BDE9B29B.1
[2012.03.17 22:26:42 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\TeamViewer
[2012.02.11 01:30:19 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Thunderbird
[2011.09.29 13:07:07 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\timeEdition
[2010.11.11 01:19:27 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\TomTom
[2011.05.09 13:21:30 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Update
[2012.06.29 13:51:27 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.18 10:09:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.29 13:51:27 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:AE5BD8534628327D

< End of report >

--- --- ---


Malwarebytes log:
Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.29.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MD :: MD-LAPTOP [Administrator]

Schutz: Deaktiviert

29.06.2012 10:56:13
mbam-log-2012-06-29 (10-56-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 438492
Laufzeit: 2 Stunde(n), 13 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\MD\AppData\Local\oxjdj.exe (Trojan.Lameshield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Antivir log:
Code:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 29. Juni 2012  22:17

Es wird nach 3818111 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : MD
Computername  : MD-LAPTOP

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  08.05.2012 14:57:37
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  08.05.2012 14:57:37
LUKE.DLL      : 12.3.0.15      68304 Bytes  08.05.2012 14:57:38
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 14:57:38
AVREG.DLL      : 12.3.0.17    232200 Bytes  10.05.2012 14:59:48
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 09:49:21
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 06:56:15
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 06:56:21
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 09:32:58
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 09:37:14
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 20:10:23
VBASE006.VDF  : 7.11.34.117    2048 Bytes  29.06.2012 20:10:23
VBASE007.VDF  : 7.11.34.118    2048 Bytes  29.06.2012 20:10:23
VBASE008.VDF  : 7.11.34.119    2048 Bytes  29.06.2012 20:10:23
VBASE009.VDF  : 7.11.34.120    2048 Bytes  29.06.2012 20:10:24
VBASE010.VDF  : 7.11.34.121    2048 Bytes  29.06.2012 20:10:24
VBASE011.VDF  : 7.11.34.122    2048 Bytes  29.06.2012 20:10:24
VBASE012.VDF  : 7.11.34.123    2048 Bytes  29.06.2012 20:10:24
VBASE013.VDF  : 7.11.34.124    2048 Bytes  29.06.2012 20:10:24
VBASE014.VDF  : 7.11.34.125    2048 Bytes  29.06.2012 20:10:24
VBASE015.VDF  : 7.11.34.126    2048 Bytes  29.06.2012 20:10:24
VBASE016.VDF  : 7.11.34.127    2048 Bytes  29.06.2012 20:10:24
VBASE017.VDF  : 7.11.34.128    2048 Bytes  29.06.2012 20:10:24
VBASE018.VDF  : 7.11.34.129    2048 Bytes  29.06.2012 20:10:24
VBASE019.VDF  : 7.11.34.130    2048 Bytes  29.06.2012 20:10:24
VBASE020.VDF  : 7.11.34.131    2048 Bytes  29.06.2012 20:10:24
VBASE021.VDF  : 7.11.34.132    2048 Bytes  29.06.2012 20:10:24
VBASE022.VDF  : 7.11.34.133    2048 Bytes  29.06.2012 20:10:24
VBASE023.VDF  : 7.11.34.134    2048 Bytes  29.06.2012 20:10:24
VBASE024.VDF  : 7.11.34.135    2048 Bytes  29.06.2012 20:10:24
VBASE025.VDF  : 7.11.34.136    2048 Bytes  29.06.2012 20:10:24
VBASE026.VDF  : 7.11.34.137    2048 Bytes  29.06.2012 20:10:24
VBASE027.VDF  : 7.11.34.138    2048 Bytes  29.06.2012 20:10:24
VBASE028.VDF  : 7.11.34.139    2048 Bytes  29.06.2012 20:10:24
VBASE029.VDF  : 7.11.34.140    2048 Bytes  29.06.2012 20:10:24
VBASE030.VDF  : 7.11.34.141    2048 Bytes  29.06.2012 20:10:24
VBASE031.VDF  : 7.11.34.156    42496 Bytes  29.06.2012 20:10:24
Engineversion  : 8.2.10.102
AEVDF.DLL      : 8.1.2.8      106867 Bytes  02.06.2012 11:06:34
AESCRIPT.DLL  : 8.1.4.28      455035 Bytes  22.06.2012 09:56:04
AESCN.DLL      : 8.1.8.2      131444 Bytes  29.03.2012 09:40:23
AESBX.DLL      : 8.2.5.12      606578 Bytes  15.06.2012 07:59:41
AERDL.DLL      : 8.1.9.15      639348 Bytes  31.01.2012 06:55:37
AEPACK.DLL    : 8.2.16.22    807288 Bytes  22.06.2012 09:56:04
AEOFFICE.DLL  : 8.1.2.40      201082 Bytes  28.06.2012 14:29:59
AEHEUR.DLL    : 8.1.4.58    4993399 Bytes  28.06.2012 14:29:59
AEHELP.DLL    : 8.1.23.2      258422 Bytes  28.06.2012 14:29:57
AEGEN.DLL      : 8.1.5.30      422261 Bytes  15.06.2012 07:59:06
AEEXP.DLL      : 8.1.0.58      82292 Bytes  28.06.2012 14:29:59
AEEMU.DLL      : 8.1.3.0      393589 Bytes  31.01.2012 06:55:34
AECORE.DLL    : 8.1.25.10    201080 Bytes  31.05.2012 19:54:09
AEBB.DLL      : 8.1.1.0        53618 Bytes  31.01.2012 06:55:33
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 14:57:37
AVPREF.DLL    : 12.3.0.15      51920 Bytes  08.05.2012 14:57:37
AVREP.DLL      : 12.3.0.15    179208 Bytes  08.05.2012 14:57:38
AVARKT.DLL    : 12.3.0.15    211408 Bytes  08.05.2012 14:57:37
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  08.05.2012 14:57:37
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  08.05.2012 14:57:38
AVSMTP.DLL    : 12.3.0.15      63440 Bytes  08.05.2012 14:57:38
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 14:57:38
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 14:57:37
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  08.05.2012 14:57:37

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Manuelle Auswahl
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:, S:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 29. Juni 2012  22:17

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'S:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NOTEPAD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mobsync.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpn-gui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tvt_reg_monitor_svc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LxUpdateManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WrtProc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WrtMon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpScrex.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '1' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Programme\Acrobat 9.0\Acrobat\acrotray.exe>
  [WARNUNG]  Die Datei konnte nicht geöffnet werden!
  [HINWEIS]  Die Datei existiert nicht!
  [HINWEIS]  Prozess 'acrotray.exe' wurde beendet
Durchsuche Prozess 'TPONSCR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVOSDSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '1' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Programme\Access Connections\SvcGuiHlpr.exe>
  [WARNUNG]  Die Datei konnte nicht geöffnet werden!
  [HINWEIS]  Die Datei existiert nicht!
  [HINWEIS]  Prozess 'SvcGuiHlpr.exe' wurde beendet
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LFKA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCONTROL.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '1' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Programme\Access Connections\AcSvc.exe>
  [WARNUNG]  Die Datei konnte nicht geöffnet werden!
  [HINWEIS]  Die Datei existiert nicht!
  [HINWEIS]  Prozess 'AcSvc.exe' wurde beendet
Durchsuche Prozess 'TPHKSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nlssrv32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nalserv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxdocoms.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Programme\VPN Client\cvpnd.exe>
  [WARNUNG]  Die Datei konnte nicht geöffnet werden!
  [HINWEIS]  Die Datei existiert nicht!
  [HINWEIS]  Prozess 'cvpnd.exe' wurde beendet
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '1' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Programme\Access Connections\AcPrfMgrSvc.exe>
  [WARNUNG]  Die Datei konnte nicht geöffnet werden!
  [HINWEIS]  Die Datei existiert nicht!
  [HINWEIS]  Prozess 'AcPrfMgrSvc.exe' wurde beendet
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LFKAS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SbieSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <SW_Preload>
C:\Program Files\phase5\keyfile.zip
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\Program Files\SDL\SDL Passolo\Passolo Essential 2011\Samples\SamplesEssential.zip
  [WARNUNG]  Der Archivheader ist defekt
C:\ProgramData\Package Cache\SDL\SDLTradosStudio2011SP1\studio2.ts2
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\ProgramData\SDL\SDL Trados Studio\Studio2\Updates\StudioUpdateClient.dat
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014AR00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014BR00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014CZ00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014DK00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014FI00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014FR00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014GK00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014GR00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014HB00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014HK00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014HU00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014IT00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014JP00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014KR00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014NL00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014NO00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014PL00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014PO00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014RU00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014SC00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014SP00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014SV00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014TC00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014TR00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr\Z633ZAB1014US00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr43gr\Z902ZAB1027GR00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\SWTOOLS\Apps\rnr43gr\Z902ZAB1027US00.TVT
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\Users\MD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\88b2c4e-7cb58640
  [0] Archivtyp: ZIP
  --> cmsmardgh/bnqynsbqyud.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.DA
  --> cmsmardgh/tssavphegrduygcscqyl.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DS
C:\Users\MD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\77570aa0-57a85438
  [0] Archivtyp: ZIP
  --> qvqweqb/hlemvlrvuvybueaymvwqlmw.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/10-0840.CM.1
  --> qvqweqb/hqdjyhsck.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/10-0840.CT.1
  --> qvqweqb/kvjeh.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/10-0840.CR.1
  --> qvqweqb/lbtwuduqypckyhgybn.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/10-0840.CQ.1
  --> qvqweqb/mmapavhrswfua.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/10-0840.CP.1
  --> qvqweqb/perldhkjccfwf.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/10-0840.CN.1
  --> qvqweqb/yrkpjtdd.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/10-0840.DU.1
C:\Users\MD\AppData\Roaming\Update\full_5802_25_32_03\full_5802_25_32_03.exe.000
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Users\MD\Desktop\Translation\SDLTradosStudio2011_SP1.exe
  [WARNUNG]  Die Datei ist kennwortgeschützt
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'Q:\' <Lenovo>
Q:\swtools\apps\antivirus\McAfee\USGRITFRNL\Apps\MSC\msclgmis.cab
  [WARNUNG]  Die Datei ist kennwortgeschützt
Beginne mit der Suche in 'S:\' <SERVICEV003>

Beginne mit der Desinfektion:
C:\Users\MD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\77570aa0-57a85438
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/10-0840.DU.1
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '566e8c09.qua' verschoben!
C:\Users\MD\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\88b2c4e-7cb58640
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DS
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e8aa3af.qua' verschoben!


Ende des Suchlaufs: Freitag, 29. Juni 2012  23:52
Benötigte Zeit:  1:34:06 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  29384 Verzeichnisse wurden überprüft
 978027 Dateien wurden geprüft
      9 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      5 Dateien konnten nicht durchsucht werden
 978013 Dateien ohne Befall
  7489 Archive wurden durchsucht
    39 Warnungen
      7 Hinweise

I'm not sure how to proceed now and am grateful for any help.

Many thanks.

Here is also a current log file from ESET:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9145d63665e5294383771e3b82f63186
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-30 05:25:17
# local_time=2012-06-30 07:25:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 60695016 60695016 0 0
# compatibility_mode=1792 16777215 100 0 8036846 8036846 0 0
# compatibility_mode=5893 16776574 100 94 17793585 92681319 0 0
# compatibility_mode=8192 67108863 100 0 215 215 0 0
# scanned=203583
# found=0
# cleaned=0
# scan_time=26988


Martin79 01.07.2012 12:36

And here is the log from SuperAntiSpyware as well:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/01/2012 at 11:59 AM

Application Version : 5.5.1006

Core Rules Database Version : 8827
Trace Rules Database Version: 6639

Scan type      : Complete Scan
Total Scan Time : 02:01:18

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 874
Memory threats detected  : 0
Registry items scanned    : 37329
Registry threats detected : 0
File items scanned        : 186105
File threats detected    : 105

Trojan.Agent/Gen-Zbot
        C:\PROGRAM FILES\SDL\SDL PASSOLO\PASSOLO ESSENTIAL 2011\SYSTEM\DNDOTNET\DNDOTNET.DLL

Adware.Tracking Cookie


cosinus 10.07.2012 20:32

As a matter of routine, please run a new full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!

Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Martin79 10.07.2012 22:55

Hello Arne,

here is the current log:


Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.10.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MD :: MD-LAPTOP [Administrator]

Schutz: Deaktiviert

10.07.2012 22:02:37
mbam-log-2012-07-10 (22-02-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 425464
Laufzeit: 1 Stunde(n), 44 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Here are the older logs:
Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.07.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MD :: MD-LAPTOP [Administrator]

Schutz: Deaktiviert

07.07.2012 11:43:16
mbam-log-2012-07-07 (11-43-16).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418499
Laufzeit: 1 Stunde(n), 36 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.01.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MD :: MD-LAPTOP [Administrator]

Schutz: Deaktiviert

01.07.2012 14:15:44
mbam-log-2012-07-01 (14-15-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 432723
Laufzeit: 1 Stunde(n), 33 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Here is the log with the detection:
Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.29.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MD :: MD-LAPTOP [Administrator]

Schutz: Deaktiviert

29.06.2012 10:56:13
mbam-log-2012-06-29 (10-56-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 438492
Laufzeit: 2 Stunde(n), 13 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\MD\AppData\Local\oxjdj.exe (Trojan.Lameshield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.13.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MD :: MD-LAPTOP [Administrator]

Schutz: Deaktiviert

13.06.2012 10:31:14
mbam-log-2012-06-13 (10-31-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 242855
Laufzeit: 6 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 11.07.2012 10:23

I have two questions before we continue:

1.) Does the normal mode of Windows work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Martin79 11.07.2012 10:51

Hello Arne,

so far I can't detect any problems in normal Windows operation.
Everything is running normally.

I can't see any empty folders. I believe everything is there.

cosinus 11.07.2012 13:58

adwCleaner - Detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Martin79 11.07.2012 14:28

Here is the log from adwCleaner:

Code:


# AdwCleaner v1.701 - Logfile created 07/11/2012 at 15:25:56
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : MD - MD-LAPTOP
# Running from : C:\Users\MD\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\MD\AppData\Roaming\Mozilla\Firefox\Profiles\yqpafj8u.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w3m84xkl.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.47

File : C:\Users\MD\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1101 octets] - [11/07/2012 15:25:56]

########## EOF - C:\AdwCleaner[R1].txt - [1229 octets] ##########


cosinus 11.07.2012 14:48

Please make a new OTL log. Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Martin79 11.07.2012 15:21

Here is the log from OTL:
OTL Logfile:
Code:

OTL logfile created on: 11.07.2012 16:01:32 - Run 7
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\MD\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,99% Memory free
5,93 Gb Paging File | 4,54 Gb Available in Paging File | 76,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,65 Gb Total Space | 147,40 Gb Free Space | 66,50% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 3,70 Gb Free Space | 37,88% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,67 Gb Free Space | 45,67% Space Free | Partition Type: NTFS
 
Computer Name: MD-LAPTOP | User Name: MD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\MD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\nalserv.exe (Nalpeiron Ltd.)
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Users\MD\AppData\Local\Apps\2.0\V9NOXPVR.A8C\YA85CVZ8.MTM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Lexmark 9500 Series\lxdoamon.exe ()
PRC - C:\Program Files\Lexmark 9500 Series\lxdomon.exe ()
PRC - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LControl.exe (ATK0101)
PRC - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\lxdocoms.exe ( )
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\MD\AppData\Local\Apps\2.0\V9NOXPVR.A8C\YA85CVZ8.MTM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files\Lexmark 9500 Series\lxdoamon.exe ()
MOD - C:\Program Files\Lexmark 9500 Series\lxdomon.exe ()
MOD - C:\Program Files\Lexmark 9500 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files\Lexmark 9500 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files\Lexmark 9500 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Programme\Lenovo\Access Connections\AcDeskBand.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files\Lexmark 9500 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files\Lexmark 9500 Series\lxdoscw.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxdodatr.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxdocats.dll ()
MOD - C:\Program Files\Lenovo\ATK Hotkey\AGFNEX.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NalServ) -- C:\Windows\System32\nalserv.exe (Nalpeiron Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (nlsX86cc) -- C:\Windows\System32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LFKAS) -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
SRV - (lxdo_device) -- C:\Windows\System32\lxdocoms.exe ( )
SRV - (wampapache) -- C:\Program Files\wamp\bin\apache\apache2.2.6\bin\httpd.exe (Apache Software Foundation)
SRV - (lxdoCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdoserv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (wampmysqld) -- C:\Program Files\wamp\bin\mysql\mysql4.1.21\bin\mysqld-nt.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (catchme) -- C:\Users\MD\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (MTsensor32) -- C:\Windows\System32\drivers\PuAcpi32.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (ASMMAP) -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-291211984-3754166486-409696321-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-291211984-3754166486-409696321-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-291211984-3754166486-409696321-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-291211984-3754166486-409696321-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF A7 AE B0 90 19 CD 01  [binary data]
IE - HKU\S-1-5-21-291211984-3754166486-409696321-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-291211984-3754166486-409696321-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-291211984-3754166486-409696321-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-291211984-3754166486-409696321-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {f035aa18-ee32-4e6e-81d2-57e32867f8a7}:1.17
FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.26
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B97F57B9-1B42-4aed-9475-0022600C62DC}:2.6
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.10
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 21:54:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.29 13:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 10:35:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 21:54:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.29 13:59:31 | 000,000,000 | ---D | M]
 
[2010.11.11 01:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MD\AppData\Roaming\mozilla\Extensions
[2010.11.11 01:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MD\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.01 16:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions
[2011.04.13 12:09:25 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2012.03.30 11:05:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.13 12:09:25 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.04.13 12:09:25 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
[2010.11.19 10:36:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.05.19 11:19:43 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.01.02 10:43:09 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\MD\AppData\Roaming\mozilla\Firefox\Profiles\yqpafj8u.default\extensions\foxmarks@kei.com
[2011.08.03 22:19:56 | 000,001,632 | ---- | M] () -- C:\Users\MD\AppData\Roaming\Mozilla\Firefox\Profiles\yqpafj8u.default\searchplugins\firefox-add-ons.xml
[2012.06.29 13:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.16 15:14:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.11.22 19:24:50 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2012.06.29 13:59:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.05.18 14:21:55 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.08.03 22:44:55 | 000,870,767 | ---- | M] () (No name found) -- C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\EXTENSIONS\FIREBUG@TOOLS.SITEPOINT.COM.XPI
[2012.04.11 14:17:12 | 000,084,034 | ---- | M] () (No name found) -- C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\EXTENSIONS\FIREPHPEXTENSION-BUILD@FIREPHP.ORG.XPI
[2012.06.21 21:54:51 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 21:54:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.21 21:54:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 21:54:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 21:54:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 21:54:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 21:54:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MD\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MD\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\MD\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\MD\AppData\Local\Google\Chrome\Application\20.0.1132.47\gears.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MD\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\MD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
 
O1 HOSTS File: ([2011.05.19 12:26:03 | 000,000,077 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1      localhost127.0.0.1      localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-291211984-3754166486-409696321-1001\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-291211984-3754166486-409696321-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcWin7Hlpr.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell PanelMgr] C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Lexmark 9500 Series Fax Server] C:\Program Files\Lexmark 9500 Series\fm3032.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [lxdoamon] C:\Program Files\Lexmark 9500 Series\lxdoamon.exe ()
O4 - HKLM..\Run: [lxdomon.exe] C:\Program Files\Lexmark 9500 Series\lxdomon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-291211984-3754166486-409696321-1001..\Run: [AVMUSBFernanschluss] C:\Users\MD\AppData\Local\Apps\2.0\V9NOXPVR.A8C\YA85CVZ8.MTM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - Startup: C:\Users\MD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\MD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Windows\System32\schtasks.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-291211984-3754166486-409696321-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-291211984-3754166486-409696321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O15 - HKU\S-1-5-21-291211984-3754166486-409696321-1001\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-291211984-3754166486-409696321-1001\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03BC55A9-7D6C-4F05-A5F3-DE7C33F6165A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19893DDC-76E9-4855-9010-1D9C0C250EED}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27BB6183-1AE2-43EB-B270-6D12CBE226EF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico - ()
MsConfig - StartUpFolder: C:^Users^MD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe - (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
MsConfig - StartUpReg: CloneCDTray - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.CSCD - C:\Windows\System32\camcodec.dll (RenderSoft Software)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.11 15:56:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\MD\Desktop\OTL.exe
[2012.06.30 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\MD\Desktop\Logs_Viren
[2012.06.27 17:36:14 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.sys
[2012.06.27 17:36:12 | 000,057,344 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2012.06.27 17:36:12 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll
[2012.06.27 17:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2012.06.27 17:34:46 | 000,000,000 | ---D | C] -- C:\Windows\Dell
[2012.06.27 17:32:05 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sdc1mci.exe
[2012.06.27 17:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012.06.23 16:29:01 | 000,000,000 | ---D | C] -- C:\Users\MD\AppData\Local\Macromedia
[2012.06.21 20:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.06.21 20:49:42 | 000,000,000 | ---D | C] -- C:\Users\MD\AppData\Local\Nokia
[2012.06.21 20:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012.06.21 20:24:26 | 000,000,000 | ---D | C] -- C:\Users\MD\AppData\Roaming\PC Suite
[2012.06.21 20:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012.06.21 20:24:25 | 000,000,000 | ---D | C] -- C:\Users\MD\AppData\Roaming\Nokia
[2012.06.21 20:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.06.21 20:23:44 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.06.21 20:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012.06.21 20:23:08 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2012.06.21 20:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010.08.28 22:32:53 | 022,792,192 | ---- | C] (www.top-rechnung.de) -- C:\Program Files\TOP-RECHNUNG 10.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\MD\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\MD\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\MD\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\MD\AppData\Local\bass.dll
[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[19 C:\Users\MD\Desktop\*.tmp files -> C:\Users\MD\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.11 15:56:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MD\Desktop\OTL.exe
[2012.07.11 15:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.11 15:24:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-291211984-3754166486-409696321-1001UA.job
[2012.07.11 12:00:11 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.07.11 10:12:07 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 10:12:07 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 10:03:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.11 10:03:50 | 2388,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.10 22:11:11 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-291211984-3754166486-409696321-1001Core.job
[2012.07.06 20:54:06 | 000,004,096 | -H-- | M] () -- C:\Users\MD\AppData\Local\keyfile3.drm
[2012.07.05 10:07:16 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.05 10:07:16 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.05 10:07:16 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.05 10:07:16 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.02 00:41:20 | 000,001,764 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.06.30 19:05:27 | 000,002,395 | ---- | M] () -- C:\Users\MD\Desktop\Google Chrome.lnk
[2012.06.29 14:51:23 | 000,000,000 | ---- | M] () -- C:\Users\MD\defogger_reenable
[2012.06.29 13:51:27 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.27 17:34:53 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\Dell 1130n Laser Printer-Toner-Neubestellung.lnk
[2012.06.27 09:51:58 | 000,035,125 | ---- | M] () -- C:\ProgramData\lxdo
[2012.06.21 20:28:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.06.21 20:27:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012.06.16 11:56:48 | 000,007,602 | ---- | M] () -- C:\Users\MD\AppData\Local\Resmon.ResmonCfg
[2012.06.15 11:28:25 | 000,027,266 | ---- | M] () -- C:\Users\MD\Desktop\Duval_CV.pdf
[2012.06.15 08:53:29 | 003,743,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 10:28:18 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[19 C:\Users\MD\Desktop\*.tmp files -> C:\Users\MD\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.07.02 13:27:17 | 000,000,022 | ---- | C] () -- C:\Program Files\prg_e.cfg
[2012.06.29 14:51:23 | 000,000,000 | ---- | C] () -- C:\Users\MD\defogger_reenable
[2012.06.27 17:34:53 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\Dell 1130n Laser Printer-Toner-Neubestellung.lnk
[2012.06.27 17:34:46 | 000,484,592 | ---- | C] () -- C:\Windows\SSndii.exe
[2012.06.27 17:32:17 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sdc1ml3.dll
[2012.06.27 17:32:17 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sdc1ml3.smt
[2012.06.21 20:28:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.06.21 20:27:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012.06.15 11:28:25 | 000,027,266 | ---- | C] () -- C:\Users\MD\Desktop\Duval_CV.pdf
[2012.05.10 10:44:45 | 000,001,465 | ---- | C] () -- C:\Users\MD\AppData\Local\RecConfig.xml
[2012.04.19 15:57:42 | 000,007,602 | ---- | C] () -- C:\Users\MD\AppData\Local\Resmon.ResmonCfg
[2012.03.30 17:52:20 | 000,008,267 | ---- | C] () -- C:\Users\MD\.recently-used.xbel
[2012.02.03 16:12:27 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdooem.dll
[2012.02.03 16:12:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDOPMON.DLL
[2012.02.03 16:12:27 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDOFXPU.DLL
[2012.02.03 16:11:49 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdoserv.dll
[2012.02.03 16:11:49 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdousb1.dll
[2012.02.03 16:11:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdopmui.dll
[2012.02.03 16:11:49 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\lxdohcp.dll
[2012.02.03 16:11:49 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdoinpa.dll
[2012.02.03 16:11:49 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdoinst.dll
[2012.02.03 16:11:49 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdoiesc.dll
[2012.02.03 16:11:49 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdoprox.dll
[2012.02.03 16:11:48 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdocomc.dll
[2012.02.03 16:11:48 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdohbn3.dll
[2012.02.03 16:11:48 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxdocoms.exe
[2012.02.03 16:11:48 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdolmpm.dll
[2012.02.03 16:11:48 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdocomm.dll
[2012.02.03 16:11:48 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdocfg.exe
[2012.02.03 16:11:48 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\lxdoih.exe
[2012.02.03 16:11:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdogrd.dll
[2012.01.11 21:46:32 | 000,004,096 | -H-- | C] () -- C:\Users\MD\AppData\Local\keyfile3.drm
[2011.09.29 13:07:07 | 000,003,900 | ---- | C] () -- C:\Users\MD\AppData\Roaming\com.living-e.timeEdition.plist
[2011.08.08 19:12:06 | 001,019,904 | ---- | C] ( ) -- C:\Windows\System32\LMACWNlang.dll
[2011.08.08 19:11:24 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMACWNcomc.dll
[2011.08.08 19:11:24 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMACWNinpa.dll
[2011.08.01 11:17:41 | 000,695,578 | ---- | C] () -- C:\Windows\System32\unins000.exe
[2011.08.01 11:17:41 | 000,001,067 | ---- | C] () -- C:\Windows\System32\unins000.dat
[2011.05.25 23:31:32 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.30 14:45:48 | 000,001,764 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.03.29 11:48:17 | 000,000,036 | ---- | C] () -- C:\Users\MD\AppData\Local\housecall.guid.cache
[2010.12.26 13:17:25 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.21 19:11:09 | 000,000,163 | ---- | C] () -- C:\Program Files\vorlagenpfade.v10
[2010.11.23 21:31:14 | 000,035,125 | ---- | C] () -- C:\ProgramData\lxdo
[2010.10.03 18:29:29 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.09.09 09:48:14 | 000,072,080 | ---- | C] () -- C:\Users\MD\g2mdlhlpx.exe
[2010.08.28 23:17:16 | 000,001,238 | ---- | C] () -- C:\Program Files\vl_1.vlg
[2010.08.28 23:17:16 | 000,001,100 | ---- | C] () -- C:\Program Files\vl_2.vlg
[2010.08.28 23:17:16 | 000,000,918 | ---- | C] () -- C:\Program Files\vl_3.vlg
[2010.08.28 22:50:04 | 000,004,999 | ---- | C] () -- C:\Program Files\Artikelliste.a10
[2010.08.28 22:49:51 | 000,001,162 | ---- | C] () -- C:\Program Files\vl_0.vlg
[2010.08.28 22:29:22 | 000,045,254 | ---- | C] () -- C:\Program Files\ihrlogo.bmp
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.02 15:52:17 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.02 15:52:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.02 15:52:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.02 15:52:17 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.02 15:52:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.04.19 10:57:29 | 000,000,337 | ---- | C] () -- C:\Users\MD\AppData\Local\Perfmon.PerfmonCfg
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\MD\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\MD\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\MD\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\MD\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\MD\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\MD\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2010.02.06 12:15:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\9500 Series
[2009.11.25 23:47:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Academic Software Zurich
[2010.02.18 15:20:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lexmark Productivity Studio
[2010.05.15 11:09:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lexware
[2010.01.13 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\9500 Series
[2009.12.03 13:48:34 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Academic Software Zurich
[2011.09.23 15:15:33 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.23 12:46:14 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.13 10:02:16 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\digital publishing
[2012.07.11 10:05:30 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Dropbox
[2011.08.01 15:00:35 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\DVDVideoSoft
[2012.04.12 14:19:11 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\elsterformular
[2011.03.30 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\f-secure
[2009.12.25 18:34:27 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\GoPal Assistant
[2011.03.20 14:14:35 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\hdbADS
[2011.03.20 19:59:00 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\inkscape
[2009.11.05 00:16:07 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Leadertech
[2012.02.23 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Lexmark Productivity Studio
[2010.05.12 15:51:40 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Lexware
[2011.03.20 14:16:06 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\MrJobs
[2011.01.04 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\NewSoft
[2012.06.21 20:28:23 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Nokia
[2012.06.21 20:28:23 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PC Suite
[2011.05.09 14:35:11 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PCDr
[2009.11.07 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PRMT
[2009.11.07 22:38:10 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PROject MT
[2011.03.30 14:30:36 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\QuickScan
[2011.08.01 12:01:47 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Screaming Bee
[2012.04.05 11:31:12 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\SDL
[2012.02.07 12:30:17 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\SmartTools
[2012.03.06 15:59:16 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Snippage.B28FB424FD6880E47B18D7D649F6CC93BDE9B29B.1
[2012.03.17 22:26:42 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\TeamViewer
[2012.02.11 01:30:19 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Thunderbird
[2011.09.29 13:07:07 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\timeEdition
[2010.11.11 01:19:27 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\TomTom
[2011.05.09 13:21:30 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Update
[2010.11.06 10:30:41 | 000,000,000 | ---D | M] -- C:\Users\SYSTEM\AppData\Roaming\9500 Series
[2010.11.06 10:30:38 | 000,000,000 | ---D | M] -- C:\Users\SYSTEM\AppData\Roaming\Coverpgs
[2012.06.29 13:51:27 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.18 10:09:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.11 12:00:11 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.13 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\9500 Series
[2009.12.03 13:48:34 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Academic Software Zurich
[2011.12.13 00:20:30 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Adobe
[2010.06.20 20:56:25 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Apple Computer
[2012.03.29 13:19:43 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Avira
[2011.09.23 15:15:33 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.23 12:46:14 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.13 10:02:16 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\digital publishing
[2009.11.08 19:59:30 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\DivX
[2012.07.11 10:05:30 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Dropbox
[2011.08.01 15:00:35 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\DVDVideoSoft
[2012.04.12 14:19:11 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\elsterformular
[2011.03.30 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\f-secure
[2009.12.25 18:34:27 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\GoPal Assistant
[2011.03.20 14:14:35 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\hdbADS
[2009.11.04 23:13:52 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Identities
[2011.03.20 19:59:00 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\inkscape
[2009.11.05 00:31:06 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\InstallShield
[2009.11.05 00:16:07 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Leadertech
[2012.02.23 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Lexmark Productivity Studio
[2010.05.12 15:51:40 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Lexware
[2009.11.06 23:46:48 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Macromedia
[2010.07.28 09:10:22 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Media Center Programs
[2012.06.23 16:29:01 | 000,000,000 | --SD | M] -- C:\Users\MD\AppData\Roaming\Microsoft
[2009.11.05 00:20:27 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Mozilla
[2011.03.20 14:16:06 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\MrJobs
[2011.01.04 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\NewSoft
[2012.06.21 20:28:23 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Nokia
[2012.06.21 20:28:23 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PC Suite
[2011.05.09 14:35:11 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PCDr
[2009.11.07 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PRMT
[2009.11.07 22:38:10 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\PROject MT
[2011.03.30 14:30:36 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\QuickScan
[2011.08.01 12:01:47 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Screaming Bee
[2012.04.05 11:31:12 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\SDL
[2012.07.04 18:16:25 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Skype
[2011.06.23 08:48:26 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\skypePM
[2012.02.07 12:30:17 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\SmartTools
[2012.03.06 15:59:16 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Snippage.B28FB424FD6880E47B18D7D649F6CC93BDE9B29B.1
[2011.07.28 23:32:58 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\SunODFPluginforMicrosoftOffice
[2012.03.17 22:26:42 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\TeamViewer
[2012.02.11 01:30:19 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Thunderbird
[2011.09.29 13:07:07 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\timeEdition
[2010.11.11 01:19:27 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\TomTom
[2011.05.09 13:21:30 | 000,000,000 | ---D | M] -- C:\Users\MD\AppData\Roaming\Update
 
< %APPDATA%\*.exe /s >
[2010.11.25 03:03:02 | 003,611,904 | ---- | M] (digital publishing AG) -- C:\Users\MD\AppData\Roaming\digital publishing\cltlms\dpLanguageClient.exe
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\MD\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\MD\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\MD\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.06 16:01:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MD\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.03 23:04:53 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\MD\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.03.16 15:51:10 | 000,010,134 | R--- | M] () -- C:\Users\MD\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2011.03.16 15:51:10 | 000,000,766 | R--- | M] () -- C:\Users\MD\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2012.05.10 10:41:15 | 000,003,262 | R--- | M] () -- C:\Users\MD\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe
[2012.05.10 10:41:15 | 000,010,134 | R--- | M] () -- C:\Users\MD\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe
[2010.07.29 00:30:40 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\MD\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2012.04.05 11:14:03 | 000,010,134 | R--- | M] () -- C:\Users\MD\AppData\Roaming\Microsoft\Installer\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}\ARPPRODUCTICON.exe
[2012.06.29 11:35:11 | 007,464,864 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Binaries\patch_ltt_580225to584923_32_10.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\02c9e469-cbed-46ab-a18d-be8dff52b45a\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\04ce5cef-8559-4b07-9851-c24e8bc84edf\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\11d2fdf8-fa67-490d-b627-d3a3ec3c79dd\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\1c234116-5556-42f6-828e-49767ad3b978\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\23989206-21fd-4957-81c6-95eb6a2af630\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\246a3b1d-6069-43d1-b049-9be63870537f\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\27ddc117-6abb-481c-a0cd-a4caee4429c7\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\2a82ec45-9199-433a-b799-5a612574be50\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\2d255719-186b-4c8f-8729-12dd5601d7a4\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\2ffaa025-848a-472c-82aa-1156277463c0\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\3ae8a598-5802-4d19-be00-7c636eff659e\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\3ef8329c-f850-4a26-b9f6-8b31cb099eb1\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\3faccc12-7130-4b51-a134-1caf8e8518bc\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\43aacbf7-de1a-435d-8461-3f3b863098ce\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\46a306fd-8498-4cff-a247-04652ba08bad\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\5df81c0d-c428-41bb-a9e0-413d02f04c01\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\68166031-4d14-4715-9b82-d9c3827baf42\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\6f2db241-20e2-4e4b-8c52-269c3ae4dd8b\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\70750ae0-7303-4afb-952d-b9f50221d21a\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\7858053c-40b2-4df2-8da0-254c295e1bf6\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\79c95bd1-5bd7-4fb6-911f-fb8cbb3c2db2\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\7e5ffc0c-2621-49e0-bd13-608e5fce9eda\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\80af3195-181c-4029-b50d-758c96cba3c8\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\aa5ccfe7-99f2-4da6-836e-4c97e3436486\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\acb3f353-8c01-41ab-b5d6-328bf63bf8ff\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\ad9b7cc9-b058-4dc9-b1c4-2a4dcdd45847\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\ad9cd81d-3390-45cd-b457-a0c213828803\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\b17e798a-eb06-4857-8573-56dd22955946\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\b576bc32-cba5-467a-b4aa-028882e2de95\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\d1454cc7-d6b1-44fe-b650-b104414bbe80\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\d90e1b19-659f-4d37-93ac-af645b525b77\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\d9c14f17-8144-4738-a6e1-420fb75dd7a9\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\e116fc1b-d704-4afd-ad5a-591a75b6d732\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\e557866d-d922-4092-8f45-3e6bc2b53c8e\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\ece4ad8b-09a4-47d8-a9d7-221ca18e6f66\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\f3d2b266-ce5a-41bd-993f-bef32f452f5f\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\f783cfe3-0599-4371-baca-fba169fe5280\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\f82f94ea-5c45-4546-a74a-71589382af06\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\fe175121-020d-4485-9655-02a223feb3e4\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\PCDr\Update\Rules\fe5019f1-b5af-4fc7-9293-80e717c13d2d\LenovoSignedAppUpdaterRules\AddCertificate.exe
[2011.05.09 13:24:03 | 041,120,568 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\MD\AppData\Roaming\Update\full_5802_25_32_03\full_5802_25_32_03.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.02.15 01:15:44 | 000,387,096 | ---- | M] (Intel Corporation) MD5=04CC972D1A64E966AF82899C336E8D31 -- C:\DRIVERS\BOOT\amd64\IaStor.sys
[2009.02.11 11:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2008.04.21 00:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\DRIVERS\BOOT\x86\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:AE5BD8534628327D

< End of report >

--- --- ---

cosinus 11.07.2012 21:36

Is this by any chance a company laptop?

Code:

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
 PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

Win7 Pro + Acrobat (that is, the full program and not just the Reader) are not exactly part of a home user's typical setup!

Martin79 11.07.2012 21:55

No, this is not a company laptop - I had to buy it myself.

cosinus 12.07.2012 10:24

And why do you have Win7 Pro? :confused:

Martin79 12.07.2012 10:49

This Win 7 Pro is a campus license for university staff.... I bought the laptop and handed it to my student assistant, asking him to install Win 7 on it for me (the laptop was sold with Vista).....this is the result........

Does the infection have anything to do with Win 7 Pro?

cosinus 12.07.2012 14:37

No, I just keep being surprised that so many home users have a Pro version of Windows and then expensive Adobe software and so on and so on :confused:

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O4 - HKLM..\Run: []  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-291211984-3754166486-409696321-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-291211984-3754166486-409696321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2014.07.02 13:27:17 | 000,000,022 | ---- | C] () -- C:\Program Files\prg_e.cfg
@Alternate Data Stream - 24 bytes -> C:\Windows:AE5BD8534628327D
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Martin79 12.07.2012 15:07

This is what OTL spat out after the reboot:

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 12.07.2012 15:19

Nothing more? :confused:

Martin79 12.07.2012 15:24

No, unfortunately not.
OTL did its work, then a reboot, and after the reboot the short output.

cosinus 12.07.2012 17:58

Please repeat the fix

Martin79 12.07.2012 18:09

Now it looked different:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-291211984-3754166486-409696321-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-21-291211984-3754166486-409696321-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File C:\Program Files\prg_e.cfg not found.
Unable to delete ADS C:\Windows:AE5BD8534628327D .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: MD
->Temp folder emptied: 9150 bytes
->Temporary Internet Files folder emptied: 366301 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 72521912 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: SYSTEM
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10408 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 70,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: MD
->Flash cache emptied: 0 bytes
 
User: Public
 
User: SYSTEM
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07122012_190452

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 12.07.2012 19:31

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Martin79 12.07.2012 21:10

Code:

21:59:39.0498 3604        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
21:59:39.0591 3604        ============================================================
21:59:39.0591 3604        Current date / time: 2012/07/12 21:59:39.0591
21:59:39.0591 3604        SystemInfo:
21:59:39.0591 3604       
21:59:39.0591 3604        OS Version: 6.1.7601 ServicePack: 1.0
21:59:39.0591 3604        Product type: Workstation
21:59:39.0591 3604        ComputerName: MD-LAPTOP
21:59:39.0592 3604        UserName: MD
21:59:39.0592 3604        Windows directory: C:\Windows
21:59:39.0592 3604        System windows directory: C:\Windows
21:59:39.0592 3604        Processor architecture: Intel x86
21:59:39.0592 3604        Number of processors: 2
21:59:39.0592 3604        Page size: 0x1000
21:59:39.0592 3604        Boot type: Normal boot
21:59:39.0592 3604        ============================================================
21:59:41.0343 3604        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:59:41.0349 3604        ============================================================
21:59:41.0349 3604        \Device\Harddisk0\DR0:
21:59:41.0349 3604        MBR partitions:
21:59:41.0349 3604        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
21:59:41.0349 3604        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BB4E000
21:59:41.0349 3604        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BE3C800, BlocksNum 0x1388970
21:59:41.0349 3604        ============================================================
21:59:41.0394 3604        C: <-> \Device\Harddisk0\DR0\Partition1
21:59:41.0418 3604        S: <-> \Device\Harddisk0\DR0\Partition0
21:59:41.0474 3604        Q: <-> \Device\Harddisk0\DR0\Partition2
21:59:41.0474 3604        ============================================================
21:59:41.0475 3604        Initialize success
21:59:41.0475 3604        ============================================================
22:02:45.0090 3724        ============================================================
22:02:45.0090 3724        Scan started
22:02:45.0090 3724        Mode: Manual; SigCheck; TDLFS;
22:02:45.0090 3724        ============================================================
22:02:46.0681 3724        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:02:46.0884 3724        1394ohci - ok
22:02:46.0993 3724        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:02:47.0040 3724        ACPI - ok
22:02:47.0071 3724        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:02:47.0118 3724        AcpiPmi - ok
22:02:47.0149 3724        AcPrfMgrSvc - ok
22:02:47.0165 3724        AcSvc - ok
22:02:47.0321 3724        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:02:47.0352 3724        AdobeFlashPlayerUpdateSvc - ok
22:02:47.0461 3724        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:02:47.0539 3724        adp94xx - ok
22:02:47.0602 3724        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:02:47.0649 3724        adpahci - ok
22:02:47.0695 3724        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:02:47.0742 3724        adpu320 - ok
22:02:47.0789 3724        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:02:47.0836 3724        AeLookupSvc - ok
22:02:48.0101 3724        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:02:48.0148 3724        AFD - ok
22:02:48.0195 3724        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:02:48.0241 3724        agp440 - ok
22:02:48.0288 3724        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:02:48.0335 3724        aic78xx - ok
22:02:48.0397 3724        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:02:48.0444 3724        ALG - ok
22:02:48.0460 3724        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:02:48.0491 3724        aliide - ok
22:02:48.0538 3724        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:02:48.0585 3724        amdagp - ok
22:02:48.0600 3724        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:02:48.0631 3724        amdide - ok
22:02:48.0647 3724        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:02:48.0694 3724        AmdK8 - ok
22:02:48.0709 3724        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:02:48.0741 3724        AmdPPM - ok
22:02:48.0803 3724        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:02:48.0850 3724        amdsata - ok
22:02:48.0912 3724        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:02:48.0959 3724        amdsbs - ok
22:02:48.0990 3724        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:02:49.0021 3724        amdxata - ok
22:02:49.0146 3724        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:02:49.0193 3724        AntiVirSchedulerService - ok
22:02:49.0255 3724        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:02:49.0287 3724        AntiVirService - ok
22:02:49.0349 3724        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:02:49.0411 3724        AppID - ok
22:02:49.0474 3724        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:02:49.0536 3724        AppIDSvc - ok
22:02:49.0583 3724        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
22:02:49.0645 3724        Appinfo - ok
22:02:49.0723 3724        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
22:02:49.0755 3724        AppMgmt - ok
22:02:49.0817 3724        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:02:49.0864 3724        arc - ok
22:02:49.0895 3724        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:02:49.0942 3724        arcsas - ok
22:02:50.0035 3724        ASLDRService    (ad699abb71c9bea804d5fe02cc32708b) C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
22:02:50.0051 3724        ASLDRService ( UnsignedFile.Multi.Generic ) - warning
22:02:50.0051 3724        ASLDRService - detected UnsignedFile.Multi.Generic (1)
22:02:50.0082 3724        ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
22:02:50.0223 3724        ASMMAP - ok
22:02:50.0457 3724        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:02:50.0519 3724        aspnet_state - ok
22:02:50.0566 3724        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:02:50.0628 3724        AsyncMac - ok
22:02:50.0675 3724        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:02:50.0706 3724        atapi - ok
22:02:50.0769 3724        ATKGFNEXSrv    (f62ca1881d057a98ab8c4ba2020d3d0e) C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
22:02:50.0769 3724        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
22:02:50.0769 3724        ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
22:02:50.0862 3724        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:02:50.0940 3724        AudioEndpointBuilder - ok
22:02:50.0956 3724        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:02:51.0034 3724        Audiosrv - ok
22:02:51.0112 3724        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
22:02:51.0143 3724        avgntflt - ok
22:02:51.0205 3724        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
22:02:51.0237 3724        avipbb - ok
22:02:51.0268 3724        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:02:51.0299 3724        avkmgr - ok
22:02:51.0361 3724        avmaudio        (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaudio.sys
22:02:51.0408 3724        avmaudio - ok
22:02:51.0455 3724        AVMUNET        (980f4c96c73c61cc6fcf657a721b35d3) C:\Windows\system32\DRIVERS\avmunet.sys
22:02:51.0502 3724        AVMUNET - ok
22:02:51.0564 3724        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
22:02:51.0611 3724        AxInstSV - ok
22:02:51.0705 3724        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:02:51.0767 3724        b06bdrv - ok
22:02:51.0845 3724        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:02:51.0892 3724        b57nd60x - ok
22:02:51.0985 3724        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:02:52.0032 3724        BDESVC - ok
22:02:52.0063 3724        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:02:52.0126 3724        Beep - ok
22:02:52.0235 3724        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
22:02:52.0313 3724        BFE - ok
22:02:52.0422 3724        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
22:02:52.0516 3724        BITS - ok
22:02:52.0531 3724        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:02:52.0563 3724        blbdrive - ok
22:02:52.0594 3724        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:02:52.0641 3724        bowser - ok
22:02:52.0656 3724        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:02:52.0703 3724        BrFiltLo - ok
22:02:52.0719 3724        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:02:52.0750 3724        BrFiltUp - ok
22:02:52.0812 3724        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
22:02:52.0875 3724        Browser - ok
22:02:52.0906 3724        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:02:52.0968 3724        Brserid - ok
22:02:52.0999 3724        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:02:53.0031 3724        BrSerWdm - ok
22:02:53.0077 3724        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:02:53.0109 3724        BrUsbMdm - ok
22:02:53.0140 3724        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:02:53.0171 3724        BrUsbSer - ok
22:02:53.0218 3724        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:02:53.0249 3724        BTHMODEM - ok
22:02:53.0327 3724        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:02:53.0405 3724        bthserv - ok
22:02:53.0530 3724        catchme - ok
22:02:53.0592 3724        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:02:53.0670 3724        cdfs - ok
22:02:53.0748 3724        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
22:02:53.0779 3724        cdrom - ok
22:02:53.0873 3724        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:02:53.0935 3724        CertPropSvc - ok
22:02:53.0951 3724        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:02:53.0998 3724        circlass - ok
22:02:54.0076 3724        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:02:54.0123 3724        CLFS - ok
22:02:54.0232 3724        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:02:54.0279 3724        clr_optimization_v2.0.50727_32 - ok
22:02:54.0357 3724        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:02:54.0403 3724        clr_optimization_v4.0.30319_32 - ok
22:02:54.0435 3724        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:02:54.0481 3724        CmBatt - ok
22:02:54.0513 3724        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:02:54.0544 3724        cmdide - ok
22:02:54.0606 3724        CNG            (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
22:02:54.0684 3724        CNG - ok
22:02:54.0715 3724        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:02:54.0747 3724        Compbatt - ok
22:02:54.0778 3724        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:02:54.0809 3724        CompositeBus - ok
22:02:54.0840 3724        COMSysApp - ok
22:02:54.0871 3724        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:02:54.0903 3724        crcdisk - ok
22:02:54.0981 3724        CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
22:02:55.0027 3724        CryptSvc - ok
22:02:55.0137 3724        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
22:02:55.0183 3724        CSC - ok
22:02:55.0308 3724        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
22:02:55.0371 3724        CscService - ok
22:02:55.0417 3724        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
22:02:55.0480 3724        CVirtA - ok
22:02:55.0558 3724        CVPND - ok
22:02:55.0636 3724        CVPNDRVA        (1c2999966f0f36aa44eaecbee70cf770) C:\Windows\system32\Drivers\CVPNDRVA.sys
22:02:55.0667 3724        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
22:02:55.0683 3724        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
22:02:55.0761 3724        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:02:55.0839 3724        DcomLaunch - ok
22:02:55.0917 3724        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:02:55.0995 3724        defragsvc - ok
22:02:56.0041 3724        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:02:56.0104 3724        DfsC - ok
22:02:56.0119 3724        DgiVecp - ok
22:02:56.0197 3724        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
22:02:56.0275 3724        Dhcp - ok
22:02:56.0307 3724        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:02:56.0385 3724        discache - ok
22:02:56.0416 3724        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:02:56.0463 3724        Disk - ok
22:02:56.0509 3724        DNE            (7b4fdfbe97c047175e613aa96f3de987) C:\Windows\system32\DRIVERS\dne2000.sys
22:02:56.0541 3724        DNE - ok
22:02:56.0587 3724        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
22:02:56.0634 3724        Dnscache - ok
22:02:56.0681 3724        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
22:02:56.0759 3724        dot3svc - ok
22:02:56.0837 3724        dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
22:02:56.0884 3724        dot4 - ok
22:02:56.0962 3724        Dot4Print      (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
22:02:56.0993 3724        Dot4Print - ok
22:02:57.0024 3724        Dot4Scan        (9f7de667c505ce6500becdd8e11644d7) C:\Windows\system32\DRIVERS\Dot4Scan.sys
22:02:57.0055 3724        Dot4Scan - ok
22:02:57.0087 3724        dot4usb        (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
22:02:57.0118 3724        dot4usb - ok
22:02:57.0165 3724        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
22:02:57.0243 3724        DPS - ok
22:02:57.0289 3724        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:02:57.0321 3724        drmkaud - ok
22:02:57.0414 3724        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:02:57.0477 3724        DXGKrnl - ok
22:02:57.0539 3724        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
22:02:57.0617 3724        EapHost - ok
22:02:57.0976 3724        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:02:58.0147 3724        ebdrv - ok
22:02:58.0397 3724        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
22:02:58.0444 3724        EFS - ok
22:02:58.0600 3724        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
22:02:58.0647 3724        ehRecvr - ok
22:02:58.0709 3724        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
22:02:58.0740 3724        ehSched - ok
22:02:58.0896 3724        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:02:58.0943 3724        elxstor - ok
22:02:58.0990 3724        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:02:59.0021 3724        ErrDev - ok
22:02:59.0099 3724        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
22:02:59.0193 3724        EventSystem - ok
22:02:59.0224 3724        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:02:59.0302 3724        exfat - ok
22:02:59.0333 3724        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:02:59.0411 3724        fastfat - ok
22:02:59.0505 3724        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
22:02:59.0583 3724        Fax - ok
22:02:59.0598 3724        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:02:59.0629 3724        fdc - ok
22:02:59.0645 3724        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
22:02:59.0723 3724        fdPHost - ok
22:02:59.0739 3724        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
22:02:59.0801 3724        FDResPub - ok
22:02:59.0832 3724        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:02:59.0863 3724        FileInfo - ok
22:02:59.0895 3724        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:02:59.0957 3724        Filetrace - ok
22:03:00.0129 3724        FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:03:00.0191 3724        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:03:00.0191 3724        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:03:00.0222 3724        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:03:00.0253 3724        flpydisk - ok
22:03:00.0316 3724        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:03:00.0347 3724        FltMgr - ok
22:03:00.0487 3724        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
22:03:00.0581 3724        FontCache - ok
22:03:00.0706 3724        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:03:00.0737 3724        FontCache3.0.0.0 - ok
22:03:00.0784 3724        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:03:00.0831 3724        FsDepends - ok
22:03:00.0862 3724        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
22:03:00.0909 3724        Fs_Rec - ok
22:03:00.0971 3724        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:03:01.0018 3724        fvevol - ok
22:03:01.0049 3724        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:03:01.0096 3724        gagp30kx - ok
22:03:01.0143 3724        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:03:01.0174 3724        GEARAspiWDM - ok
22:03:01.0283 3724        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
22:03:01.0361 3724        gpsvc - ok
22:03:01.0392 3724        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:03:01.0439 3724        hcw85cir - ok
22:03:01.0517 3724        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:03:01.0564 3724        HdAudAddService - ok
22:03:01.0642 3724        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:03:01.0689 3724        HDAudBus - ok
22:03:01.0704 3724        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:03:01.0735 3724        HidBatt - ok
22:03:01.0782 3724        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:03:01.0829 3724        HidBth - ok
22:03:01.0860 3724        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:03:01.0907 3724        HidIr - ok
22:03:01.0938 3724        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
22:03:02.0016 3724        hidserv - ok
22:03:02.0063 3724        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:03:02.0094 3724        HidUsb - ok
22:03:02.0141 3724        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
22:03:02.0203 3724        hkmsvc - ok
22:03:02.0266 3724        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
22:03:02.0328 3724        HomeGroupListener - ok
22:03:02.0391 3724        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
22:03:02.0422 3724        HomeGroupProvider - ok
22:03:02.0484 3724        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:03:02.0531 3724        HpSAMD - ok
22:03:02.0656 3724        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:03:02.0734 3724        HTTP - ok
22:03:02.0796 3724        hwdatacard - ok
22:03:02.0843 3724        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:03:02.0874 3724        hwpolicy - ok
22:03:02.0952 3724        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:03:02.0983 3724        i8042prt - ok
22:03:03.0077 3724        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:03:03.0139 3724        iaStorV - ok
22:03:03.0202 3724        IBMPMDRV        (4a8ab38fdf3649c1fe3e9d16bf79927d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
22:03:03.0233 3724        IBMPMDRV - ok
22:03:03.0264 3724        IBMPMSVC        (bb5cb196922c9f57598ae98c036de246) C:\Windows\system32\ibmpmsvc.exe
22:03:03.0280 3724        IBMPMSVC - ok
22:03:03.0561 3724        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:03:03.0623 3724        idsvc - ok
22:03:04.0965 3724        igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:03:05.0479 3724        igfx - ok
22:03:05.0760 3724        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:03:05.0791 3724        iirsp - ok
22:03:05.0963 3724        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
22:03:06.0057 3724        IKEEXT - ok
22:03:06.0103 3724        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:03:06.0135 3724        intelide - ok
22:03:06.0166 3724        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:03:06.0213 3724        intelppm - ok
22:03:06.0275 3724        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
22:03:06.0337 3724        IPBusEnum - ok
22:03:06.0369 3724        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:03:06.0431 3724        IpFilterDriver - ok
22:03:06.0493 3724        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
22:03:06.0587 3724        iphlpsvc - ok
22:03:06.0618 3724        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:03:06.0665 3724        IPMIDRV - ok
22:03:06.0681 3724        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:03:06.0759 3724        IPNAT - ok
22:03:06.0993 3724        iPod Service    (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
22:03:07.0071 3724        iPod Service - ok
22:03:07.0086 3724        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:03:07.0133 3724        IRENUM - ok
22:03:07.0180 3724        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:03:07.0211 3724        isapnp - ok
22:03:07.0273 3724        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:03:07.0336 3724        iScsiPrt - ok
22:03:07.0383 3724        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
22:03:07.0414 3724        kbdclass - ok
22:03:07.0461 3724        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
22:03:07.0507 3724        kbdhid - ok
22:03:07.0539 3724        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:03:07.0585 3724        KeyIso - ok
22:03:07.0632 3724        KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
22:03:07.0679 3724        KSecDD - ok
22:03:07.0726 3724        KSecPkg        (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
22:03:07.0773 3724        KSecPkg - ok
22:03:07.0819 3724        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
22:03:07.0913 3724        KtmRm - ok
22:03:07.0960 3724        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
22:03:08.0038 3724        LanmanServer - ok
22:03:08.0085 3724        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
22:03:08.0163 3724        LanmanWorkstation - ok
22:03:08.0334 3724        LFKAS          (270723e97ca3b26b82700dc02f082c9f) C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
22:03:08.0350 3724        LFKAS ( UnsignedFile.Multi.Generic ) - warning
22:03:08.0350 3724        LFKAS - detected UnsignedFile.Multi.Generic (1)
22:03:08.0397 3724        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:03:08.0475 3724        lltdio - ok
22:03:08.0537 3724        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
22:03:08.0615 3724        lltdsvc - ok
22:03:08.0631 3724        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
22:03:08.0709 3724        lmhosts - ok
22:03:08.0755 3724        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:03:08.0787 3724        LSI_FC - ok
22:03:08.0818 3724        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:03:08.0849 3724        LSI_SAS - ok
22:03:08.0880 3724        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:03:08.0911 3724        LSI_SAS2 - ok
22:03:08.0943 3724        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:03:08.0989 3724        LSI_SCSI - ok
22:03:09.0036 3724        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:03:09.0099 3724        luafv - ok
22:03:09.0223 3724        lxdoCATSCustConnectService (51836e7cf12f174527a6a6232ff3767b) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdoserv.exe
22:03:09.0270 3724        lxdoCATSCustConnectService - ok
22:03:09.0286 3724        lxdo_device - ok
22:03:09.0364 3724        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
22:03:09.0395 3724        MBAMProtector - ok
22:03:09.0551 3724        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:03:09.0598 3724        MBAMService - ok
22:03:09.0660 3724        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
22:03:09.0707 3724        Mcx2Svc - ok
22:03:09.0738 3724        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:03:09.0785 3724        megasas - ok
22:03:09.0832 3724        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:03:09.0879 3724        MegaSR - ok
22:03:09.0910 3724        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:03:09.0988 3724        MMCSS - ok
22:03:09.0988 3724        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:03:10.0066 3724        Modem - ok
22:03:10.0097 3724        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:03:10.0144 3724        monitor - ok
22:03:10.0175 3724        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
22:03:10.0206 3724        mouclass - ok
22:03:10.0222 3724        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:03:10.0253 3724        mouhid - ok
22:03:10.0300 3724        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:03:10.0347 3724        mountmgr - ok
22:03:10.0471 3724        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:03:10.0503 3724        MozillaMaintenance - ok
22:03:10.0549 3724        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:03:10.0581 3724        mpio - ok
22:03:10.0612 3724        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:03:10.0674 3724        mpsdrv - ok
22:03:10.0752 3724        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
22:03:10.0846 3724        MpsSvc - ok
22:03:10.0893 3724        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:03:10.0939 3724        MRxDAV - ok
22:03:10.0986 3724        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:03:11.0033 3724        mrxsmb - ok
22:03:11.0080 3724        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:03:11.0127 3724        mrxsmb10 - ok
22:03:11.0158 3724        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:03:11.0189 3724        mrxsmb20 - ok
22:03:11.0236 3724        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:03:11.0267 3724        msahci - ok
22:03:11.0314 3724        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:03:11.0361 3724        msdsm - ok
22:03:11.0423 3724        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:03:11.0470 3724        MSDTC - ok
22:03:11.0532 3724        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:03:11.0595 3724        Msfs - ok
22:03:11.0626 3724        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:03:11.0688 3724        mshidkmdf - ok
22:03:11.0735 3724        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:03:11.0766 3724        msisadrv - ok
22:03:11.0813 3724        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:03:11.0891 3724        MSiSCSI - ok
22:03:11.0907 3724        msiserver - ok
22:03:11.0938 3724        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:03:12.0016 3724        MSKSSRV - ok
22:03:12.0031 3724        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:03:12.0094 3724        MSPCLOCK - ok
22:03:12.0109 3724        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:03:12.0187 3724        MSPQM - ok
22:03:12.0219 3724        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:03:12.0265 3724        MsRPC - ok
22:03:12.0297 3724        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:03:12.0328 3724        mssmbios - ok
22:03:12.0343 3724        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:03:12.0421 3724        MSTEE - ok
22:03:12.0437 3724        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:03:12.0468 3724        MTConfig - ok
22:03:12.0515 3724        MTsensor32      (648cbe572ffe978bf33b8d7e60ac441b) C:\Windows\system32\DRIVERS\PuAcpi32.sys
22:03:12.0546 3724        MTsensor32 - ok
22:03:12.0562 3724        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:03:12.0593 3724        Mup - ok
22:03:12.0671 3724        MySQL - ok
22:03:12.0733 3724        NalServ        (ac051ef24e4bfd010651dbc83e4e9470) C:\Windows\system32\nalserv.exe
22:03:12.0749 3724        NalServ ( UnsignedFile.Multi.Generic ) - warning
22:03:12.0749 3724        NalServ - detected UnsignedFile.Multi.Generic (1)
22:03:12.0827 3724        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
22:03:12.0905 3724        napagent - ok
22:03:12.0983 3724        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:03:13.0030 3724        NativeWifiP - ok
22:03:13.0123 3724        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:03:13.0186 3724        NDIS - ok
22:03:13.0233 3724        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:03:13.0295 3724        NdisCap - ok
22:03:13.0326 3724        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:03:13.0389 3724        NdisTapi - ok
22:03:13.0435 3724        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:03:13.0498 3724        Ndisuio - ok
22:03:13.0545 3724        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:03:13.0623 3724        NdisWan - ok
22:03:13.0654 3724        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:03:13.0716 3724        NDProxy - ok
22:03:13.0732 3724        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:03:13.0810 3724        NetBIOS - ok
22:03:13.0857 3724        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:03:13.0919 3724        NetBT - ok
22:03:13.0966 3724        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:03:13.0997 3724        Netlogon - ok
22:03:14.0091 3724        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:03:14.0169 3724        Netman - ok
22:03:14.0325 3724        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:03:14.0371 3724        NetMsmqActivator - ok
22:03:14.0371 3724        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:03:14.0403 3724        NetPipeActivator - ok
22:03:14.0449 3724        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:03:14.0543 3724        netprofm - ok
22:03:14.0543 3724        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:03:14.0574 3724        NetTcpActivator - ok
22:03:14.0590 3724        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:03:14.0621 3724        NetTcpPortSharing - ok
22:03:15.0541 3724        NETw5s32        (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
22:03:15.0838 3724        NETw5s32 - ok
22:03:16.0696 3724        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
22:03:16.0914 3724        netw5v32 - ok
22:03:17.0211 3724        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:03:17.0257 3724        nfrd960 - ok
22:03:17.0320 3724        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
22:03:17.0398 3724        NlaSvc - ok
22:03:17.0476 3724        nlsX86cc        (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\system32\nlssrv32.exe
22:03:17.0507 3724        nlsX86cc - ok
22:03:17.0523 3724        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:03:17.0601 3724        Npfs - ok
22:03:17.0647 3724        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:03:17.0710 3724        nsi - ok
22:03:17.0725 3724        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:03:17.0803 3724        nsiproxy - ok
22:03:17.0928 3724        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:03:18.0037 3724        Ntfs - ok
22:03:18.0240 3724        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:03:18.0318 3724        Null - ok
22:03:18.0381 3724        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:03:18.0427 3724        nvraid - ok
22:03:18.0490 3724        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:03:18.0552 3724        nvstor - ok
22:03:18.0583 3724        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:03:18.0630 3724        nv_agp - ok
22:03:18.0817 3724        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:03:18.0880 3724        odserv - ok
22:03:18.0927 3724        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:03:18.0973 3724        ohci1394 - ok
22:03:19.0036 3724        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:03:19.0067 3724        ose - ok
22:03:19.0161 3724        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:03:19.0207 3724        p2pimsvc - ok
22:03:19.0285 3724        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
22:03:19.0332 3724        p2psvc - ok
22:03:19.0395 3724        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:03:19.0426 3724        Parport - ok
22:03:19.0488 3724        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
22:03:19.0519 3724        partmgr - ok
22:03:19.0535 3724        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:03:19.0566 3724        Parvdm - ok
22:03:19.0597 3724        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
22:03:19.0644 3724        PcaSvc - ok
22:03:19.0707 3724        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
22:03:19.0753 3724        pccsmcfd - ok
22:03:19.0769 3724        PcdrNdisuio - ok
22:03:19.0831 3724        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:03:19.0878 3724        pci - ok
22:03:19.0894 3724        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:03:19.0925 3724        pciide - ok
22:03:19.0972 3724        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:03:20.0019 3724        pcmcia - ok
22:03:20.0034 3724        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:03:20.0081 3724        pcw - ok
22:03:20.0159 3724        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:03:20.0253 3724        PEAUTH - ok
22:03:20.0377 3724        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
22:03:20.0455 3724        PeerDistSvc - ok
22:03:20.0752 3724        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
22:03:20.0877 3724        pla - ok
22:03:21.0111 3724        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
22:03:21.0173 3724        PlugPlay - ok
22:03:21.0220 3724        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
22:03:21.0251 3724        PNRPAutoReg - ok
22:03:21.0298 3724        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:03:21.0345 3724        PNRPsvc - ok
22:03:21.0407 3724        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
22:03:21.0485 3724        PolicyAgent - ok
22:03:21.0547 3724        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
22:03:21.0610 3724        Power - ok
22:03:21.0641 3724        Power Manager DBC Service - ok
22:03:21.0719 3724        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:03:21.0797 3724        PptpMiniport - ok
22:03:21.0844 3724        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:03:21.0875 3724        Processor - ok
22:03:21.0953 3724        ProfSvc        (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
22:03:22.0000 3724        ProfSvc - ok
22:03:22.0031 3724        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:03:22.0062 3724        ProtectedStorage - ok
22:03:22.0125 3724        psadd          (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys
22:03:22.0140 3724        psadd - ok
22:03:22.0203 3724        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:03:22.0281 3724        Psched - ok
22:03:22.0515 3724        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:03:22.0608 3724        ql2300 - ok
22:03:22.0873 3724        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:03:22.0920 3724        ql40xx - ok
22:03:22.0983 3724        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:03:23.0045 3724        QWAVE - ok
22:03:23.0061 3724        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:03:23.0092 3724        QWAVEdrv - ok
22:03:23.0170 3724        RapiMgr        (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
22:03:23.0201 3724        RapiMgr - ok
22:03:23.0217 3724        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:03:23.0295 3724        RasAcd - ok
22:03:23.0341 3724        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:03:23.0404 3724        RasAgileVpn - ok
22:03:23.0451 3724        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:03:23.0529 3724        RasAuto - ok
22:03:23.0544 3724        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:03:23.0607 3724        Rasl2tp - ok
22:03:23.0685 3724        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
22:03:23.0763 3724        RasMan - ok
22:03:23.0809 3724        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:03:23.0872 3724        RasPppoe - ok
22:03:23.0903 3724        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:03:23.0965 3724        RasSstp - ok
22:03:23.0997 3724        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:03:24.0075 3724        rdbss - ok
22:03:24.0090 3724        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:03:24.0121 3724        rdpbus - ok
22:03:24.0168 3724        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:03:24.0246 3724        RDPCDD - ok
22:03:24.0277 3724        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
22:03:24.0340 3724        RDPDR - ok
22:03:24.0371 3724        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:03:24.0449 3724        RDPENCDD - ok
22:03:24.0465 3724        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:03:24.0527 3724        RDPREFMP - ok
22:03:24.0605 3724        RDPWD          (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
22:03:24.0667 3724        RDPWD - ok
22:03:24.0745 3724        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:03:24.0777 3724        rdyboost - ok
22:03:24.0839 3724        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:03:24.0901 3724        RemoteAccess - ok
22:03:24.0964 3724        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:03:25.0042 3724        RemoteRegistry - ok
22:03:25.0104 3724        rimmptsk        (7a6648b61661b1421ffab762e391e33f) C:\Windows\system32\DRIVERS\rimmptsk.sys
22:03:25.0135 3724        rimmptsk - ok
22:03:25.0167 3724        rimsptsk        (d0a35b7670aa3558eaab483f64446496) C:\Windows\system32\DRIVERS\rimsptsk.sys
22:03:25.0213 3724        rimsptsk - ok
22:03:25.0245 3724        rismxdp        (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
22:03:25.0276 3724        rismxdp - ok
22:03:25.0323 3724        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:03:25.0401 3724        RpcEptMapper - ok
22:03:25.0448 3724        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:03:25.0479 3724        RpcLocator - ok
22:03:25.0572 3724        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:03:25.0650 3724        RpcSs - ok
22:03:25.0713 3724        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:03:25.0775 3724        rspndr - ok
22:03:25.0838 3724        RTL8167        (aa9c3881a74a6d66a2ad869b03e8d3f5) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:03:25.0869 3724        RTL8167 - ok
22:03:25.0900 3724        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
22:03:25.0947 3724        s3cap - ok
22:03:25.0962 3724        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:03:26.0009 3724        SamSs - ok
22:03:26.0134 3724        SbieDrv        (2b12749cc05f32d217735770d2eeabe3) C:\Program Files\Sandboxie\SbieDrv.sys
22:03:26.0165 3724        SbieDrv - ok
22:03:26.0228 3724        SbieSvc        (226d6068a955635259a3abef2f13827c) C:\Program Files\Sandboxie\SbieSvc.exe
22:03:26.0259 3724        SbieSvc - ok
22:03:26.0321 3724        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:03:26.0368 3724        sbp2port - ok
22:03:26.0430 3724        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:03:26.0508 3724        SCardSvr - ok
22:03:26.0555 3724        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:03:26.0618 3724        scfilter - ok
22:03:26.0758 3724        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
22:03:26.0852 3724        Schedule - ok
22:03:26.0914 3724        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:03:26.0976 3724        SCPolicySvc - ok
22:03:27.0054 3724        SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\Windows\system32\drivers\ScreamingBAudio.sys
22:03:27.0070 3724        SCREAMINGBDRIVER - ok
22:03:27.0148 3724        sdbus          (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
22:03:27.0179 3724        sdbus - ok
22:03:27.0242 3724        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
22:03:27.0288 3724        SDRSVC - ok
22:03:27.0351 3724        Secdrv          (65ee3435a9131bee1608f99f16c48e08) C:\Windows\system32\drivers\SECDRV.SYS
22:03:27.0351 3724        Secdrv ( UnsignedFile.Multi.Generic ) - warning
22:03:27.0351 3724        Secdrv - detected UnsignedFile.Multi.Generic (1)
22:03:27.0398 3724        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
22:03:27.0476 3724        seclogon - ok
22:03:27.0491 3724        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
22:03:27.0569 3724        SENS - ok
22:03:27.0616 3724        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
22:03:27.0663 3724        SensrSvc - ok
22:03:27.0710 3724        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:03:27.0741 3724        Serenum - ok
22:03:27.0788 3724        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:03:27.0819 3724        Serial - ok
22:03:27.0881 3724        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:03:27.0912 3724        sermouse - ok
22:03:28.0178 3724        ServiceLayer    (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:03:28.0224 3724        ServiceLayer - ok
22:03:28.0302 3724        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
22:03:28.0380 3724        SessionEnv - ok
22:03:28.0412 3724        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:03:28.0458 3724        sffdisk - ok
22:03:28.0474 3724        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:03:28.0505 3724        sffp_mmc - ok
22:03:28.0536 3724        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:03:28.0583 3724        sffp_sd - ok
22:03:28.0630 3724        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:03:28.0661 3724        sfloppy - ok
22:03:28.0755 3724        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
22:03:28.0833 3724        SharedAccess - ok
22:03:28.0895 3724        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
22:03:28.0973 3724        ShellHWDetection - ok
22:03:29.0036 3724        Shockprf        (fc0127343bd1ce1986ba12f8937f1057) C:\Windows\system32\DRIVERS\Apsx86.sys
22:03:29.0067 3724        Shockprf - ok
22:03:29.0114 3724        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:03:29.0145 3724        sisagp - ok
22:03:29.0176 3724        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:03:29.0223 3724        SiSRaid2 - ok
22:03:29.0254 3724        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:03:29.0301 3724        SiSRaid4 - ok
22:03:29.0394 3724        SkypeUpdate    (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
22:03:29.0426 3724        SkypeUpdate - ok
22:03:29.0472 3724        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:03:29.0550 3724        Smb - ok
22:03:29.0628 3724        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
22:03:29.0660 3724        SNMPTRAP - ok
22:03:29.0675 3724        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:03:29.0706 3724        spldr - ok
22:03:29.0800 3724        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
22:03:29.0878 3724        Spooler - ok
22:03:30.0377 3724        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
22:03:30.0549 3724        sppsvc - ok
22:03:30.0767 3724        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
22:03:30.0845 3724        sppuinotify - ok
22:03:30.0954 3724        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:03:31.0001 3724        srv - ok
22:03:31.0064 3724        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:03:31.0110 3724        srv2 - ok
22:03:31.0188 3724        SrvHsfHDA      (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:03:31.0235 3724        SrvHsfHDA - ok
22:03:31.0407 3724        SrvHsfV92      (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:03:31.0485 3724        SrvHsfV92 - ok
22:03:31.0547 3724        SrvHsfWinac    (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:03:31.0625 3724        SrvHsfWinac - ok
22:03:31.0656 3724        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:03:31.0688 3724        srvnet - ok
22:03:31.0750 3724        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
22:03:31.0828 3724        SSDPSRV - ok
22:03:31.0890 3724        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:03:31.0906 3724        ssmdrv - ok
22:03:31.0953 3724        SSPORT          (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
22:03:31.0968 3724        SSPORT ( UnsignedFile.Multi.Generic ) - warning
22:03:31.0968 3724        SSPORT - detected UnsignedFile.Multi.Generic (1)
22:03:32.0000 3724        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
22:03:32.0078 3724        SstpSvc - ok
22:03:32.0109 3724        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:03:32.0140 3724        stexstor - ok
22:03:32.0234 3724        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
22:03:32.0296 3724        StiSvc - ok
22:03:32.0343 3724        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
22:03:32.0374 3724        storflt - ok
22:03:32.0405 3724        StorSvc        (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
22:03:32.0452 3724        StorSvc - ok
22:03:32.0514 3724        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
22:03:32.0561 3724        storvsc - ok
22:03:32.0577 3724        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:03:32.0608 3724        swenum - ok
22:03:32.0655 3724        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:03:32.0748 3724        swprv - ok
22:03:32.0826 3724        SynTP          (d7dc30b8b41e7a913c3fccc0631e72ec) C:\Windows\system32\DRIVERS\SynTP.sys
22:03:32.0858 3724        SynTP - ok
22:03:32.0998 3724        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:03:33.0076 3724        SysMain - ok
22:03:33.0123 3724        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:03:33.0170 3724        TabletInputService - ok
22:03:33.0248 3724        tap0901        (5c7c939bbd03784fe58c80578d065cc9) C:\Windows\system32\DRIVERS\tap0901.sys
22:03:33.0279 3724        tap0901 - ok
22:03:33.0341 3724        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:03:33.0419 3724        TapiSrv - ok
22:03:33.0482 3724        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:03:33.0560 3724        TBS - ok
22:03:33.0778 3724        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
22:03:33.0872 3724        Tcpip - ok
22:03:34.0308 3724        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
22:03:34.0386 3724        TCPIP6 - ok
22:03:34.0527 3724        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:03:34.0589 3724        tcpipreg - ok
22:03:34.0636 3724        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:03:34.0683 3724        TDPIPE - ok
22:03:34.0730 3724        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:03:34.0761 3724        TDTCP - ok
22:03:34.0823 3724        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:03:34.0886 3724        tdx - ok
22:03:35.0026 3724        TeamViewer5    (d91cb8a2d5a0f60e53eb7a0b0bc2e0f0) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
22:03:35.0057 3724        TeamViewer5 - ok
22:03:35.0588 3724        TeamViewer7    (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
22:03:35.0775 3724        TeamViewer7 - ok
22:03:36.0040 3724        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:03:36.0071 3724        TermDD - ok
22:03:36.0134 3724        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:03:36.0227 3724        TermService - ok
22:03:36.0258 3724        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:03:36.0305 3724        Themes - ok
22:03:36.0555 3724        ThinkVantage Registry Monitor Service (8eb3b845a55afe8367c99c1b499340df) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
22:03:36.0602 3724        ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - warning
22:03:36.0602 3724        ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic (1)
22:03:36.0648 3724        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:03:36.0726 3724        THREADORDER - ok
22:03:36.0789 3724        TPDIGIMN        (521866a3ce5a1a69b4b4a87bdb52be26) C:\Windows\system32\DRIVERS\ApsHM86.sys
22:03:36.0820 3724        TPDIGIMN - ok
22:03:36.0851 3724        TPHDEXLGSVC    (199d786169749b1a5473b7799c1e6a89) C:\Windows\system32\TPHDEXLG.exe
22:03:36.0898 3724        TPHDEXLGSVC - ok
22:03:37.0038 3724        TPHKSVC        (3c6a42a8494d74f44f048bb7f9f2db44) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
22:03:37.0070 3724        TPHKSVC - ok
22:03:37.0132 3724        TPPWRIF        (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
22:03:37.0148 3724        TPPWRIF - ok
22:03:37.0226 3724        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:03:37.0304 3724        TrkWks - ok
22:03:37.0382 3724        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:03:37.0460 3724        TrustedInstaller - ok
22:03:37.0475 3724        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:03:37.0538 3724        tssecsrv - ok
22:03:37.0584 3724        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:03:37.0631 3724        TsUsbFlt - ok
22:03:37.0694 3724        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:03:37.0756 3724        tunnel - ok
22:03:37.0959 3724        TVT Backup Service (4e7f50b0735a9cc58997cc2c92e41290) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
22:03:38.0052 3724        TVT Backup Service - ok
22:03:38.0302 3724        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:03:38.0349 3724        uagp35 - ok
22:03:38.0396 3724        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:03:38.0474 3724        udfs - ok
22:03:38.0536 3724        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:03:38.0583 3724        UI0Detect - ok
22:03:38.0630 3724        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:03:38.0661 3724        uliagpkx - ok
22:03:38.0723 3724        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
22:03:38.0770 3724        umbus - ok
22:03:38.0801 3724        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:03:38.0832 3724        UmPass - ok
22:03:38.0895 3724        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
22:03:38.0942 3724        UmRdpService - ok
22:03:38.0988 3724        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:03:39.0066 3724        upnphost - ok
22:03:39.0113 3724        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
22:03:39.0144 3724        USBAAPL ( UnsignedFile.Multi.Generic ) - warning
22:03:39.0144 3724        USBAAPL - detected UnsignedFile.Multi.Generic (1)
22:03:39.0207 3724        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:03:39.0238 3724        usbccgp - ok
22:03:39.0300 3724        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:03:39.0332 3724        usbcir - ok
22:03:39.0378 3724        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:03:39.0410 3724        usbehci - ok
22:03:39.0456 3724        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:03:39.0503 3724        usbhub - ok
22:03:39.0534 3724        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
22:03:39.0566 3724        usbohci - ok
22:03:39.0612 3724        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:03:39.0659 3724        usbprint - ok
22:03:39.0690 3724        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
22:03:39.0737 3724        usbscan - ok
22:03:39.0800 3724        usbser          (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
22:03:39.0862 3724        usbser - ok
22:03:39.0893 3724        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:03:39.0940 3724        USBSTOR - ok
22:03:39.0971 3724        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:03:40.0002 3724        usbuhci - ok
22:03:40.0080 3724        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:03:40.0112 3724        usbvideo - ok
22:03:40.0174 3724        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:03:40.0236 3724        UxSms - ok
22:03:40.0283 3724        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:03:40.0314 3724        VaultSvc - ok
22:03:40.0330 3724        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:03:40.0361 3724        vdrvroot - ok
22:03:40.0439 3724        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:03:40.0533 3724        vds - ok
22:03:40.0580 3724        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:03:40.0626 3724        vga - ok
22:03:40.0658 3724        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:03:40.0736 3724        VgaSave - ok
22:03:40.0767 3724        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:03:40.0829 3724        vhdmp - ok
22:03:40.0876 3724        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:03:40.0923 3724        viaagp - ok
22:03:40.0954 3724        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:03:40.0985 3724        ViaC7 - ok
22:03:41.0001 3724        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:03:41.0032 3724        viaide - ok
22:03:41.0110 3724        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
22:03:41.0141 3724        vmbus - ok
22:03:41.0188 3724        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
22:03:41.0219 3724        VMBusHID - ok
22:03:41.0250 3724        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:03:41.0282 3724        volmgr - ok
22:03:41.0328 3724        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:03:41.0375 3724        volmgrx - ok
22:03:41.0406 3724        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:03:41.0453 3724        volsnap - ok
22:03:41.0500 3724        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:03:41.0547 3724        vsmraid - ok
22:03:41.0672 3724        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:03:41.0781 3724        VSS - ok
22:03:41.0796 3724        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:03:41.0843 3724        vwifibus - ok
22:03:41.0874 3724        VWiFiFlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:03:41.0906 3724        VWiFiFlt - ok
22:03:41.0937 3724        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
22:03:41.0984 3724        vwifimp - ok
22:03:42.0046 3724        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:03:42.0124 3724        W32Time - ok
22:03:42.0155 3724        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:03:42.0186 3724        WacomPen - ok
22:03:42.0327 3724        wampapache      (07d0af06a5d2445c9dc5824c567e36b8) C:\Program Files\wamp\bin\apache\apache2.2.6\bin\httpd.exe
22:03:42.0327 3724        wampapache ( UnsignedFile.Multi.Generic ) - warning
22:03:42.0327 3724        wampapache - detected UnsignedFile.Multi.Generic (1)
22:03:42.0920 3724        wampmysqld      (c1b9406af5192ec704ab2e49cd25765c) C:\Program Files\wamp\bin\mysql\mysql4.1.21\bin\mysqld-nt.exe
22:03:43.0091 3724        wampmysqld ( UnsignedFile.Multi.Generic ) - warning
22:03:43.0091 3724        wampmysqld - detected UnsignedFile.Multi.Generic (1)
22:03:43.0341 3724        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:03:43.0419 3724        WANARP - ok
22:03:43.0419 3724        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:03:43.0481 3724        Wanarpv6 - ok
22:03:43.0731 3724        WatAdminSvc    (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:03:43.0840 3724        WatAdminSvc - ok
22:03:44.0214 3724        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:03:44.0308 3724        wbengine - ok
22:03:44.0370 3724        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:03:44.0417 3724        WbioSrvc - ok
22:03:44.0495 3724        WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
22:03:44.0542 3724        WcesComm - ok
22:03:44.0620 3724        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:03:44.0667 3724        wcncsvc - ok
22:03:44.0698 3724        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:03:44.0729 3724        WcsPlugInService - ok
22:03:44.0807 3724        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:03:44.0838 3724        Wd - ok
22:03:44.0885 3724        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:03:44.0948 3724        Wdf01000 - ok
22:03:44.0979 3724        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:03:45.0026 3724        WdiServiceHost - ok
22:03:45.0026 3724        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:03:45.0072 3724        WdiSystemHost - ok
22:03:45.0119 3724        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:03:45.0182 3724        WebClient - ok
22:03:45.0213 3724        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:03:45.0291 3724        Wecsvc - ok
22:03:45.0322 3724        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:03:45.0384 3724        wercplsupport - ok
22:03:45.0431 3724        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:03:45.0509 3724        WerSvc - ok
22:03:45.0540 3724        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:03:45.0603 3724        WfpLwf - ok
22:03:45.0634 3724        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:03:45.0665 3724        WIMMount - ok
22:03:45.0852 3724        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:03:45.0930 3724        WinDefend - ok
22:03:45.0962 3724        WinHttpAutoProxySvc - ok
22:03:46.0040 3724        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:03:46.0118 3724        Winmgmt - ok
22:03:46.0336 3724        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:03:46.0430 3724        WinRM - ok
22:03:46.0554 3724        WINUSB          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.SYS
22:03:46.0586 3724        WINUSB - ok
22:03:46.0742 3724        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:03:46.0851 3724        Wlansvc - ok
22:03:46.0882 3724        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:03:46.0929 3724        WmiAcpi - ok
22:03:47.0022 3724        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:03:47.0069 3724        wmiApSrv - ok
22:03:47.0350 3724        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:03:47.0428 3724        WMPNetworkSvc - ok
22:03:47.0662 3724        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:03:47.0709 3724        WPCSvc - ok
22:03:47.0756 3724        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:03:47.0802 3724        WPDBusEnum - ok
22:03:47.0880 3724        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:03:47.0958 3724        ws2ifsl - ok
22:03:47.0974 3724        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
22:03:48.0036 3724        wscsvc - ok
22:03:48.0068 3724        WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:03:48.0114 3724        WSDPrintDevice - ok
22:03:48.0114 3724        WSearch - ok
22:03:48.0395 3724        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
22:03:48.0520 3724        wuauserv - ok
22:03:48.0785 3724        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:03:48.0848 3724        WudfPf - ok
22:03:48.0910 3724        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:03:48.0988 3724        WUDFRd - ok
22:03:49.0050 3724        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:03:49.0113 3724        wudfsvc - ok
22:03:49.0191 3724        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:03:49.0253 3724        WwanSvc - ok
22:03:49.0347 3724        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:03:49.0955 3724        \Device\Harddisk0\DR0 - ok
22:03:49.0955 3724        Boot (0x1200)  (3724ecc985357e45ab76e0d161b5572b) \Device\Harddisk0\DR0\Partition0
22:03:49.0971 3724        \Device\Harddisk0\DR0\Partition0 - ok
22:03:50.0002 3724        Boot (0x1200)  (5640f9e5ecfa8ad11008d394c86b5896) \Device\Harddisk0\DR0\Partition1
22:03:50.0002 3724        \Device\Harddisk0\DR0\Partition1 - ok
22:03:50.0033 3724        Boot (0x1200)  (73dee7a97ceb97d0be3d2d51a9ceac47) \Device\Harddisk0\DR0\Partition2
22:03:50.0033 3724        \Device\Harddisk0\DR0\Partition2 - ok
22:03:50.0049 3724        ============================================================
22:03:50.0049 3724        Scan finished
22:03:50.0049 3724        ============================================================
22:03:50.0064 3872        Detected object count: 12
22:03:50.0064 3872        Actual detected object count: 12
22:04:37.0738 3872        ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0738 3872        ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:37.0754 3872        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0754 3872        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:37.0754 3872        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0754 3872        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:37.0754 3872        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0754 3872        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:37.0754 3872        LFKAS ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0769 3872        LFKAS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:37.0769 3872        NalServ ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0769 3872        NalServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:37.0769 3872        Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0769 3872        Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:37.0769 3872        SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0769 3872        SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:37.0785 3872        ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0785 3872        ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:37.0785 3872        USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0785 3872        USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:37.0785 3872        wampapache ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0785 3872        wampapache ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:37.0785 3872        wampmysqld ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:37.0800 3872        wampmysqld ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 12.07.2012 21:45

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Martin79 12.07.2012 22:41

Combofix Logfile:
Code:

ComboFix 12-07-12.02 - MD 12.07.2012  23:24:41.2.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3037.1878 [GMT 2:00]
ausgeführt von:: c:\users\MD\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll
c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll
c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll
c:\programdata\SPL14AF.tmp
c:\programdata\SPL2946.tmp
c:\programdata\SPL3BAD.tmp
c:\programdata\SPL3F07.tmp
c:\programdata\SPL4687.tmp
c:\programdata\SPL48BF.tmp
c:\programdata\SPL5F15.tmp
c:\programdata\SPL6156.tmp
c:\programdata\SPL66D.tmp
c:\programdata\SPL6F7A.tmp
c:\programdata\SPL7065.tmp
c:\programdata\SPL7FAC.tmp
c:\programdata\SPL83AA.tmp
c:\programdata\SPL858C.tmp
c:\programdata\SPL87C1.tmp
c:\programdata\SPL957D.tmp
c:\programdata\SPL9CDF.tmp
c:\programdata\SPLA1FE.tmp
c:\programdata\SPLB628.tmp
c:\programdata\SPLE1C2.tmp
c:\programdata\SPLEC81.tmp
c:\programdata\SPLF367.tmp
c:\programdata\SPLF74D.tmp
c:\programdata\SPLF981.tmp
c:\users\MD\AppData\Local\assembly\tmp
c:\users\MD\AppData\Local\lame_enc.dll
c:\users\MD\AppData\Local\no23xwrapper.dll
c:\users\MD\AppData\Local\ogg.dll
c:\users\MD\AppData\Local\vorbis.dll
c:\users\MD\AppData\Local\vorbisenc.dll
c:\users\MD\AppData\Local\vorbisfile.dll
c:\users\MD\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-12 bis 2012-07-12  ))))))))))))))))))))))))))))))
.
.
2012-07-12 21:32 . 2012-07-12 21:32        --------        d-----w-        c:\users\MD\AppData\Local\temp
2012-07-12 21:32 . 2012-07-12 21:32        --------        d-----w-        c:\users\Public\AppData\Local\temp
2012-07-12 21:32 . 2012-07-12 21:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-12 21:32 . 2012-07-12 21:32        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2012-07-12 21:31 . 2012-07-12 21:31        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C44DFB8-D270-485B-A13E-D79EBC2B9FAC}\offreg.dll
2012-07-12 14:10 . 2012-06-18 01:14        6762896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C44DFB8-D270-485B-A13E-D79EBC2B9FAC}\mpengine.dll
2012-07-12 00:27 . 2012-06-12 02:40        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-06-29 11:59 . 2012-06-29 11:59        476936        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-06-27 15:36 . 2009-08-01 08:10        5120        ------w-        c:\windows\system32\drivers\SSPORT.sys
2012-06-27 15:36 . 2009-08-01 08:10        49152        ------w-        c:\windows\system32\ssusbpn.dll
2012-06-27 15:36 . 2009-08-01 08:10        57344        ------w-        c:\windows\system32\ssdevm.dll
2012-06-27 15:34 . 2012-06-27 15:34        --------        d-----w-        c:\windows\Dell
2012-06-27 15:34 . 2009-08-03 04:21        484592        ----a-w-        c:\windows\SSndii.exe
2012-06-27 15:34 . 2009-08-03 04:20        44544        ----a-w-        c:\windows\system32\msxml4a.dll
2012-06-27 15:34 . 2009-08-03 04:20        38160        ----a-w-        c:\windows\system32\msxml2r.dll
2012-06-27 15:34 . 2009-08-03 04:20        21776        ----a-w-        c:\windows\system32\msxml2a.dll
2012-06-27 15:34 . 2009-08-03 04:20        701440        ----a-w-        c:\windows\system32\msxml2.dll
2012-06-27 15:33 . 2009-08-02 08:32        19968        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\sdc1mpc.dll
2012-06-27 15:32 . 2009-08-02 08:32        26624        ----a-w-        c:\windows\system32\sdc1ml3.dll
2012-06-27 15:32 . 2009-08-02 08:31        151552        ----a-w-        c:\windows\system32\sdc1mci.exe
2012-06-27 15:30 . 2012-06-27 15:30        --------        d-----w-        c:\program files\Dell
2012-06-25 14:04 . 2012-06-25 14:04        1394248        ----a-w-        c:\windows\system32\msxml4.dll
2012-06-23 14:29 . 2012-06-23 14:29        --------        d-----w-        c:\users\MD\AppData\Local\Macromedia
2012-06-21 19:54 . 2012-06-21 19:54        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-21 19:54 . 2012-06-21 19:54        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-21 18:53 . 2012-06-21 18:53        --------        d-----w-        c:\program files\MSXML 4.0
2012-06-21 18:49 . 2012-06-21 18:49        --------        d-----w-        c:\users\MD\AppData\Local\Nokia
2012-06-21 18:31 . 2012-06-21 18:31        --------        d-----w-        c:\programdata\NokiaInstallerCache
2012-06-21 18:24 . 2012-06-21 18:28        --------        d-----w-        c:\users\MD\AppData\Roaming\PC Suite
2012-06-21 18:24 . 2012-06-21 18:28        --------        d-----w-        c:\users\MD\AppData\Roaming\Nokia
2012-06-21 18:24 . 2012-06-21 18:28        --------        d-----w-        c:\programdata\PC Suite
2012-06-21 18:23 . 2012-06-21 18:24        --------        d-----w-        c:\program files\DIFX
2012-06-21 18:23 . 2008-08-26 07:26        18816        ----a-w-        c:\windows\system32\drivers\pccsmcfd.sys
2012-06-21 18:23 . 2012-06-21 18:23        --------        d-----w-        c:\program files\PC Connectivity Solution
2012-06-21 18:23 . 2012-01-09 15:28        75264        ----a-w-        c:\windows\system32\nmwcdcls.dll
2012-06-21 18:22 . 2012-06-21 18:33        --------        d-----w-        c:\programdata\Installations
2012-06-21 08:00 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 08:00 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 08:00 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 08:00 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 07:59 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 07:59 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 07:59 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 07:59 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 07:59 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-14 09:30 . 2012-04-28 03:17        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-14 09:29 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\system32\msi.dll
2012-06-14 09:29 . 2012-04-26 04:45        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-14 09:29 . 2012-04-26 04:45        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-14 09:29 . 2012-04-26 04:41        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-14 09:29 . 2012-05-01 04:44        164352        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-14 09:29 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-14 09:29 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-14 09:29 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\system32\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:31 . 2012-04-27 06:40        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-12 11:31 . 2011-06-27 07:14        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 11:59 . 2010-08-14 11:32        472840        ----a-w-        c:\windows\system32\deployJava1.dll
2012-05-31 10:25 . 2009-11-04 21:21        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-08 14:57 . 2012-03-29 09:28        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-08 14:57 . 2009-11-05 13:48        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-06-02 17:27 . 2010-08-28 20:32        22792192        ------w-        c:\program files\TOP-RECHNUNG 10.exe
2012-06-21 19:54 . 2011-05-27 11:58        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\MD\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\MD\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\MD\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\MD\AppData\Local\Apps\2.0\V9NOXPVR.A8C\YA85CVZ8.MTM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-03-02 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"AcWin7Hlpr"="c:\programme\Lenovo\Access Connections\AcWin7Hlpr.exe" [2010-11-02 279912]
"TpShocks"="TpShocks.exe" [2009-07-08 337184]
"Adobe Acrobat Speed Launcher"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"PWMTRV"="c:\progra~3\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-09 714016]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-04-11 26704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"lxdomon.exe"="c:\program files\Lexmark 9500 Series\lxdomon.exe" [2010-02-10 455336]
"lxdoamon"="c:\program files\Lexmark 9500 Series\lxdoamon.exe" [2010-02-10 25256]
"Lexmark 9500 Series Fax Server"="c:\program files\Lexmark 9500 Series\fm3032.exe" [2010-02-10 311976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Dell PanelMgr"="c:\windows\Dell\PanelMgr\SSMMgr.exe" [2009-12-15 632048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\MD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MD\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenVPN GUI.lnk - c:\windows\System32\schtasks.exe [2011-5-25 179712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^MD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\MD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06        421736        ------w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12        3872080        ------w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-03-24 11:24        409320        ------w-        c:\program files\Sandboxie\SbieCtrl.exe
.
R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdoserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [x]
S2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NalServ;Nalpeiron Control Service;c:\windows\system32\nalserv.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MTsensor32;PU ACPI UTILITY;c:\windows\system32\DRIVERS\PuAcpi32.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 68709915
*Deregistered* - 68709915
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 11:31]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291211984-3754166486-409696321-1001Core.job
- c:\users\MD\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29 19:44]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291211984-3754166486-409696321-1001UA.job
- c:\users\MD\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-29 19:44]
.
2012-06-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-07-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {85C86CCC-2158-4123-9C7D-785190CED875} - hxxps://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab
FF - ProfilePath - c:\users\MD\AppData\Roaming\Mozilla\Firefox\Profiles\yqpafj8u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-12  23:34:49
ComboFix-quarantined-files.txt  2012-07-12 21:34
ComboFix2.txt  2010-08-02 14:08
.
Vor Suchlauf: 23 Verzeichnis(se), 157.231.550.464 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 157.155.639.296 Bytes frei
.
- - End Of File - - 457FCECB9B065959E1FC0CCAB0C3F963

--- --- ---

cosinus 13.07.2012 14:03

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

Martin79 16.07.2012 11:09

Hello Arne,

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-16 11:21:07
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-08VAT2 rev.14.01A14
Running: tw2jmg1u.exe; Driver: C:\Users\MD\AppData\Local\Temp\kwldipod.sys


---- System - GMER 1.0.15 ----

SSDT            912E87CE                                                                                                 ZwCreateSection
SSDT            912E87D8                                                                                                 ZwRequestWaitReplyPort
SSDT            912E87D3                                                                                                 ZwSetContextThread
SSDT            912E87DD                                                                                                 ZwSetSecurityObject
SSDT            912E87E2                                                                                                 ZwSystemDebugControl
SSDT            912E876F                                                                                                 ZwTerminateProcess

Code            91492BFC                                                                                                 ZwTraceEvent
Code            91492BFB                                                                                                 NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                 830503C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   83089D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                      83090EAC 4 Bytes  [CE, 87, 2E, 91] {INTO ; XCHG [ESI], EBP; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                      83091208 4 Bytes  [D8, 87, 2E, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                      8309124C 4 Bytes  [D3, 87, 2E, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                      830912C8 4 Bytes  [DD, 87, 2E, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                      8309131C 4 Bytes  [E2, 87, 2E, 91]
.text           ...                                                                                                     
.text           ntkrnlpa.exe!NtTraceEvent                                                                                830D963A 5 Bytes  JMP 91492C00
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                               832650C0 5 Bytes  JMP 91492DE0
PAGE            ntkrnlpa.exe!NtRequestPort + 2                                                                           83293687 5 Bytes  JMP 91492CA0

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                          [73C924CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                     [73C7562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                    [73C756EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                           [73C92546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                 [73C885AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                   [73C84D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                  [73C85105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                 [73C851DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]        [73C86707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                  [73C88301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]             [73C88850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]           [73C890B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                 [73C8E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                     [73C84C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [74F1FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [74F1FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3380] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [74F1FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [74F1FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000060                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


--- --- ---

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:29:40 on 16.07.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-291211984-3754166486-409696321-1001Core.job" - "Google Inc." - C:\Users\MD\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-291211984-3754166486-409696321-1001UA.job" - "Google Inc." - C:\Users\MD\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\uaclauncher.exe
"SystemToolsDailyTest.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\uaclauncher.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PWMCP32V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP32V.cpl
"TpShCPL.cpl" - "Lenovo." - C:\Windows\system32\TpShCPL.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\Windows\System32\DRIVERS\ApsHM86.sys
"ASMMAP" (ASMMAP) - ? - C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\MD\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"DgiVecp" (DgiVecp) - ? - C:\Windows\system32\Drivers\DgiVecp.sys  (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys  (File not found)
"kwldipod" (kwldipod) - ? - C:\Users\MD\AppData\Local\Temp\kwldipod.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PCDRNDISUIO Usermode I/O Protocol" (PcdrNdisuio) - ? - C:\Windows\System32\DRIVERS\pcdrndisuio.sys  (File not found)
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys
"Secdrv" (Secdrv) - ? - C:\Windows\system32\drivers\SECDRV.SYS  (File found, but it contains no detailed information)
"Shockprf" (Shockprf) - "Lenovo." - C:\Windows\System32\DRIVERS\Apsx86.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{85C86CCC-2158-4123-9C7D-785190CED875} "dp Launcher Plugin" - "digital publishing AG" - C:\Windows\DOWNLO~1\DPLAUN~1.OCX / https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\IEAWSDC.DLL / hxxp://office.microsoft.com/templates/ieawsdc.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_3_300_265.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\MD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\MD\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AVMUSBFernanschluss" - "AVM Berlin" - "C:\Users\MD\AppData\Local\Apps\2.0\4Y7RZXNC.MQW\XTD4XDJ9.5EJ\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"AcWin7Hlpr" - "Lenovo" - C:\Programme\Lenovo\Access Connections\AcWin7Hlpr.exe showdeskband
"Adobe Acrobat Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5.5ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Dell PanelMgr" - ? - C:\Windows\Dell\PanelMgr\SSMMgr.exe /autorun
"Lexmark 9500 Series Fax Server" - ? - "C:\Program Files\Lexmark 9500 Series\fm3032.exe" /s
"LexwareInfoService" - "Lexware GmbH & Co. KG" - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"lxdoamon" - ? - "C:\Program Files\Lexmark 9500 Series\lxdoamon.exe"
"lxdomon.exe" - ? - "C:\Program Files\Lexmark 9500 Series\lxdomon.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~3\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TPHOTKEY" - "Lenovo Group Limited" - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
"TpShocks" - "Lenovo." - TpShocks.exe
"WrtMon.exe" - ? - C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll
"Fax Lexmark 9500 Series Port" - ? - C:\Windows\system32\LXDOPMON.DLL
"LM_LMACWN" - " " - C:\Windows\system32\LMACWNLANG.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"sdc1m Langmon" - ? - C:\Windows\system32\sdc1ml3.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AcPrfMgrSvc" (AcPrfMgrSvc) - "Lenovo" - C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
"AcSvc" (AcSvc) - "Lenovo" - C:\Programme\Lenovo\Access Connections\AcSvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Nalpeiron Control Service" (NalServ) - "Nalpeiron Ltd." - C:\Windows\system32\nalserv.exe
"Nalpeiron Licensing Service" (nlsX86cc) - "Nalpeiron Ltd." - C:\Windows\system32\nlssrv32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Programme\ThinkPad\Utilities\PWMDBSVC.EXE
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe
"Service of LFKA" (LFKAS) - ? - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\Windows\System32\TPHDEXLG.exe
"ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
"TVT Backup Service" (TVT Backup Service) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
"wampapache" (wampapache) - "Apache Software Foundation" - C:\Program Files\wamp\bin\apache\apache2.2.6\bin\httpd.exe
"wampmysqld" (wampmysqld) - ? - C:\Program Files\wamp\bin\mysql\mysql4.1.21\bin\mysqld-nt.exe  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-16 11:31:05
-----------------------------
11:31:05.107    OS Version: Windows 6.1.7601 Service Pack 1
11:31:05.107    Number of processors: 2 586 0xF0D
11:31:05.107    ComputerName: MD-LAPTOP  UserName: MD
11:31:06.776    Initialize success
11:32:18.614    AVAST engine defs: 12071600
11:33:47.721    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:33:47.721    Disk 0 Vendor: WDC_WD2500BEVS-08VAT2 14.01A14 Size: 238475MB BusType: 11
11:33:48.065    Disk 0 MBR read successfully
11:33:48.065    Disk 0 MBR scan
11:33:48.065    Disk 0 Windows 7 default MBR code
11:33:48.143    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        1500 MB offset 2048
11:33:48.189    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      226972 MB offset 3074048
11:33:48.267    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        10001 MB offset 467912704
11:33:48.501    Disk 0 scanning sectors +488395120
11:33:49.047    Disk 0 scanning C:\Windows\system32\drivers
11:35:17.515    Service scanning
11:35:43.973    Modules scanning
11:38:08.975    Disk 0 trace - called modules:
11:38:09.037    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
11:38:09.037    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865ac030]
11:38:09.053    3 CLASSPNP.SYS[8360459e] -> nt!IofCallDriver -> [0x860efc10]
11:38:09.053    5 ACPI.sys[8b2973d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x860e1908]
11:38:10.192    AVAST engine scan C:\Windows
11:39:20.813    AVAST engine scan C:\Windows\system32
11:51:50.706    AVAST engine scan C:\Windows\system32\drivers
11:52:16.587    AVAST engine scan C:\Users\MD
11:59:22.826    AVAST engine scan C:\ProgramData
12:03:58.073    Scan finished successfully
12:04:46.574    Disk 0 MBR has been saved successfully to "C:\Users\MD\Desktop\MBR.dat"
12:04:46.574    The log file has been saved successfully to "C:\Users\MD\Desktop\aswMBR.txt"


cosinus 16.07.2012 16:22

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Martin79 17.07.2012 08:43

Great, here are the two logs then:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MD :: MD-LAPTOP [Administrator]

16.07.2012 21:28:02
mbam-log-2012-07-16 (21-28-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 424029
Laufzeit: 1 Stunde(n), 29 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/17/2012 at 01:28 AM

Application Version : 5.5.1006

Core Rules Database Version : 8908
Trace Rules Database Version: 6720

Scan type      : Complete Scan
Total Scan Time : 01:57:00

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 863
Memory threats detected  : 0
Registry items scanned    : 36295
Registry threats detected : 0
File items scanned        : 180301
File threats detected    : 280

Adware.Tracking Cookie
        .doubleclick.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        tracking.mlsat02.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .deutschepostag.112.2o7.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wdl4cpdpego.stats.esomniture.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        tomtailor.dyntracker.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        server.adformdsp.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adformdsp.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\MD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YQPAFJ8U.DEFAULT\COOKIES.SQLITE ]


cosinus 17.07.2012 14:45

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left.

Is your system OK again now, or are there any other detections or problems?
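
Added example (not part of the original post): a sketch that deduplicates the cookie domains from scan-log lines in the `<domain> [ <cookie store> ]` layout and turns them into hosts-file entries of the kind recommended above. The sample lines, the `0.0.0.0` sink address and all function names are assumptions for illustration; a hosts file matches exact host names only, so a cookie set for a whole domain (leading dot) is flagged separately.

```python
import re
from collections import Counter

# Constructed sample lines in the "<cookie domain> [ <cookie store> ]" log layout.
SAMPLE_LOG = r"""
        .ads.example.com [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EXAMPLE.DEFAULT\COOKIES.SQLITE ]
        .ads.example.com [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EXAMPLE.DEFAULT\COOKIES.SQLITE ]
        track.example.net [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EXAMPLE.DEFAULT\COOKIES.SQLITE ]
        .ads.example.com [ C:\SANDBOX\EXAMPLE\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EXAMPLE.DEFAULT\COOKIES.SQLITE ]
        bad_host!.example.org [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
Scan finished (not a cookie line)
"""

LINE_RE = re.compile(r"^\s*(\S+)\s+\[\s*(.+?)\s*\]\s*$")
# Conservative host name check so that nothing odd ends up in the hosts file.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def parse_cookie_lines(text):
    """Return (cookie_domain, store_path) pairs; other log lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            entries.append((match.group(1).lower(), match.group(2)))
    return entries


def build_blocklist(entries, sink="0.0.0.0"):
    """Return (hosts_lines, counts, domain_wide, rejected) for parsed entries."""
    counts = Counter()
    domain_wide = set()   # cookies scoped to a whole domain (leading dot)
    rejected = set()      # entries that are not valid host names
    for domain, _store in entries:
        host = domain.lstrip(".")
        if not HOST_RE.match(host):
            rejected.add(domain)
            continue
        counts[host] += 1
        if domain.startswith("."):
            domain_wide.add(host)
    hosts_lines = [f"{sink} {host}" for host in sorted(counts)]
    return hosts_lines, counts, sorted(domain_wide), sorted(rejected)


if __name__ == "__main__":
    lines, counts, domain_wide, rejected = build_blocklist(
        parse_cookie_lines(SAMPLE_LOG)
    )
    print("\n".join(lines))
    for host in domain_wide:
        # A hosts entry cannot express "all subdomains of host".
        print(f"# cookie was domain-wide; entry covers only {host}")
    print("# skipped (not a valid host name):", rejected)
```
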

Martin79 19.07.2012 20:16

Hello Arne,

many thanks for your tips!

My system is running inconspicuously so far - I can't detect any problems.

A very recent scan with Malwarebytes produced the following:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.19.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MD :: MD-LAPTOP [Administrator]

19.07.2012 19:10:58
mbam-log-2012-07-19 (19-10-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 412741
Laufzeit: 1 Stunde(n), 57 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 19.07.2012 21:06

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date the installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update


Update the PDF reader
An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also take the opportunity to check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => http://www.adobe.com/products/flashp...ribution3.html

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Martin79 20.07.2012 17:31

Hello Arne,

thank you very much for your help. :dankeschoen:
I am very grateful to you.

I will try to make my system a bit more secure.

Best regards

Martin

