Trojaner-Board

GVU / alleged Federal Police / Trojan (https://www.trojaner-board.de/118450-gvu-angebliche-bundespolizei-trojaner.html)

ChrissCross6 12.07.2012 12:28

Hey,
I ran the OTL scan, here is the log:

Code:

OTL logfile created on: 12.07.2012 12:58:13 - Run 3
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\Home\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 59,23% Memory free
7,35 Gb Paging File | 5,24 Gb Available in Paging File | 71,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,39 Gb Total Space | 74,11 Gb Free Space | 32,74% Space Free | Partition Type: NTFS
Drive G: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.12 12:39:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL(1).exe
PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.21 17:46:03 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.05.21 17:45:47 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.08 13:35:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:35:08 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 13:35:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.04.23 18:46:32 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.04.17 07:57:08 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.09 01:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 15:36:52 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.14 15:36:42 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.11 10:44:17 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5e8f8f2c9fc237166053716f39f5ea67\IAStorUtil.ni.dll
MOD - [2012.05.10 15:00:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 15:00:02 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012.05.10 14:59:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.10 14:59:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.10 14:59:50 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.10 14:59:44 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2010.05.29 07:32:01 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.29 07:31:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.03.09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.11 22:34:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.10 22:58:47 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.21 17:46:03 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.05.21 17:45:47 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.20 13:54:38 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.08 13:35:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 13:35:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.22 21:07:34 | 058,345,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2011.09.22 21:07:34 | 000,154,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.22 21:06:04 | 000,431,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.07 22:21:09 | 003,988,144 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.04.23 10:46:04 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2010.04.17 07:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.03.26 11:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2012.05.08 13:35:09 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 13:35:09 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011.08.22 23:14:57 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.17 14:04:46 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.17 14:04:43 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.19 12:39:00 | 000,107,096 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2010.09.13 07:01:00 | 000,182,872 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)
DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.04.21 00:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.04.07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.08 04:37:00 | 000,097,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2BthF.sys -- (Mkd2Bthf)
DRV:64bit: - [2010.03.05 12:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.01 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.14 22:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.02.10 09:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.13 17:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.13 17:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE414
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..network.proxy.http: "200.105.225.45"
FF - prefs.js..network.proxy.http_port: 8080
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.20 00:33:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.14 20:50:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.14 20:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 13:55:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.11 19:19:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
 
[2012.06.19 13:55:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions
[2012.07.11 19:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\k2e0147e.default\extensions
[2012.06.19 13:56:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\k2e0147e.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.22 23:14:28 | 000,002,055 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\k2e0147e.default\searchplugins\daemon-search.xml
[2012.06.19 13:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.07.03 17:44:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.30 14:12:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: DAEMON Search (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-907013825-1055173690-614559143-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-907013825-1055173690-614559143-1001..\Run: [Akamai NetSession Interface] C:\Users\Home\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-907013825-1055173690-614559143-1001..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe File not found
O4 - HKU\S-1-5-21-907013825-1055173690-614559143-1001..\Run: [Steam] A:\Spiele\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab (Aosmgr Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBFF7C8E-01AF-47B5-A4F6-A6D5F88C8B31}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Diablo III Setup.exe -- [2012.02.03 00:07:14 | 001,856,592 | ---- | M] (Blizzard Entertainment)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: avast5 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= -  File not found
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.07 17:29:54 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Red Alert 3
[2012.07.07 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Red Alert 3
[2012.07.06 17:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.04 15:53:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2012.07.04 15:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.04 15:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.04 15:51:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.04 15:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.28 13:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.28 13:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.06.23 17:01:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\dxhr
[2012.06.23 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\28050
[2012.06.19 13:55:18 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Mozilla
[2012.06.19 13:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012.06.19 13:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2012.06.18 12:25:35 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Macromedia
[2011.12.08 14:42:42 | 003,539,040 | ---- | C] (AVAST Software) -- C:\Program Files\Alwil Softw
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.12 13:07:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.12 12:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.12 12:20:39 | 000,024,024 | ---- | M] () -- C:\Users\Home\Desktop\Notenspiegel.pdf
[2012.07.12 12:08:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 12:08:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 12:01:22 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.12 12:00:11 | 000,450,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 12:00:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.12 11:58:56 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.12 00:29:55 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini
[2012.07.11 10:03:14 | 001,828,946 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.11 10:03:14 | 000,773,738 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.11 10:03:14 | 000,727,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.11 10:03:14 | 000,178,388 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.11 10:03:14 | 000,150,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.08 12:20:14 | 000,056,073 | ---- | M] () -- C:\Users\Home\Desktop\Management Tools Aufsatz Robert.pdf
[2012.07.05 20:09:33 | 000,169,635 | ---- | M] () -- C:\Users\Home\Desktop\lessons_learnt.pdf
[2012.07.04 17:29:39 | 000,035,524 | ---- | M] () -- C:\Users\Home\Desktop\error.png
[2012.07.04 17:15:37 | 000,125,975 | ---- | M] () -- C:\Users\Home\Desktop\malware4.png
[2012.07.04 15:51:06 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.03 22:31:32 | 000,041,528 | ---- | M] () -- C:\Users\Home\Desktop\OTL_Extras.rar
[2012.07.03 21:28:55 | 000,000,000 | ---- | M] () -- C:\Users\Home\defogger_reenable
[2012.07.03 17:44:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.07.03 17:43:12 | 000,001,885 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.29 12:47:26 | 000,007,225 | ---- | M] () -- C:\Users\Home\Desktop\100-Punkte-Skala.png
[2012.06.24 21:32:32 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdate.dll
[2012.06.19 13:55:11 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.19 13:51:42 | 002,768,250 | ---- | M] () -- C:\Users\Home\Documents\Firefox 13.0.1 (de) - 2012-06-19.pcv
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.12 12:20:39 | 000,024,024 | ---- | C] () -- C:\Users\Home\Desktop\Notenspiegel.pdf
[2012.07.12 00:29:55 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012.07.08 12:20:13 | 000,056,073 | ---- | C] () -- C:\Users\Home\Desktop\Management Tools Aufsatz Robert.pdf
[2012.07.05 20:09:33 | 000,169,635 | ---- | C] () -- C:\Users\Home\Desktop\lessons_learnt.pdf
[2012.07.04 17:21:04 | 000,035,524 | ---- | C] () -- C:\Users\Home\Desktop\error.png
[2012.07.04 17:15:37 | 000,125,975 | ---- | C] () -- C:\Users\Home\Desktop\malware4.png
[2012.07.04 15:51:06 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.03 22:31:32 | 000,041,528 | ---- | C] () -- C:\Users\Home\Desktop\OTL_Extras.rar
[2012.07.03 21:28:55 | 000,000,000 | ---- | C] () -- C:\Users\Home\defogger_reenable
[2012.07.03 17:43:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.07.03 17:43:12 | 000,001,885 | ---- | C] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.29 12:47:26 | 000,007,225 | ---- | C] () -- C:\Users\Home\Desktop\100-Punkte-Skala.png
[2012.06.19 13:55:11 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.19 13:55:11 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.19 13:51:34 | 002,768,250 | ---- | C] () -- C:\Users\Home\Documents\Firefox 13.0.1 (de) - 2012-06-19.pcv
[2012.06.19 11:43:23 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.28 10:37:43 | 000,007,605 | ---- | C] () -- C:\Users\Home\AppData\Local\Resmon.ResmonCfg
[2012.05.03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.03.30 19:48:50 | 000,000,152 | ---- | C] () -- C:\Windows\wininit.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.04 17:24:00 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.20 10:59:09 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{6DB3E144-DF23-4CD2-A2B7-DC468319DB2B}
[2011.05.01 22:28:45 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\godlike.dat
[2011.02.26 14:57:24 | 000,187,699 | ---- | C] () -- C:\Windows\Kino Mogul Uninstaller.exe
[2011.02.17 14:02:20 | 000,000,092 | ---- | C] () -- C:\Users\Home\AppData\Local\fusioncache.dat
[2011.02.16 20:48:50 | 000,004,608 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.16 18:59:51 | 001,806,840 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.16 18:58:14 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.02.16 18:58:13 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.02.16 18:58:13 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.02.06 16:52:19 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2011.01.18 14:06:39 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011.01.18 14:06:38 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2011.01.18 14:06:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2011.01.18 14:06:38 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2011.01.18 14:06:37 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2011.01.15 18:34:20 | 000,000,376 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat
[2011.01.13 15:44:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.13 15:35:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.14 06:57:51 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012.01.31 19:28:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.minecraft
[2011.10.14 14:18:21 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Auslogics
[2011.06.07 16:48:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Azgard
[2012.01.28 20:51:08 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\BigHugeEngine
[2011.10.18 16:59:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\BitTorrent
[2012.02.01 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DAEMON Tools Lite
[2012.02.16 12:44:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DVDVideoSoft
[2011.02.16 20:38:04 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.15 17:06:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\FUEL Demo
[2011.06.01 16:54:12 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GetRightToGo
[2011.06.19 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\go
[2012.01.21 20:57:28 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\LolClient
[2012.05.24 16:02:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\LolClient2
[2011.04.18 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OOo-dev
[2011.04.18 15:22:05 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenOffice.org
[2011.02.17 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PlayFirst
[2012.07.07 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Red Alert 3
[2011.02.02 17:35:00 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SAP
[2011.06.01 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SpinTop
[2012.03.29 22:16:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Subversion
[2011.10.13 14:21:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TeamViewer
[2011.01.16 16:34:33 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Template
[2012.06.19 11:38:28 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TS3Client
[2011.07.17 00:36:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ts3overlay
[2012.05.21 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Ubisoft
[2011.03.15 18:18:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Windows Live Writer
[2012.01.04 22:58:51 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Winter Sports 2011
[2011.03.18 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\XRay Engine
[2012.05.14 08:58:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.31 19:28:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.minecraft
[2011.04.16 15:12:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Adobe
[2012.01.18 23:08:31 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Apple Computer
[2011.01.13 15:29:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ATI
[2011.10.14 14:18:21 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Auslogics
[2012.01.09 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Avira
[2011.06.07 16:48:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Azgard
[2012.01.28 20:51:08 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\BigHugeEngine
[2011.10.18 16:59:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\BitTorrent
[2012.02.01 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DAEMON Tools Lite
[2012.02.02 19:48:34 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DivX
[2011.06.27 18:45:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\dvdcss
[2012.02.16 12:44:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DVDVideoSoft
[2011.02.16 20:38:04 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.15 17:06:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\FUEL Demo
[2011.06.01 16:54:12 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GetRightToGo
[2011.06.19 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\go
[2011.01.13 15:30:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Google
[2011.01.13 15:27:22 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Identities
[2012.01.05 12:19:09 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\InstallShield
[2011.01.13 15:28:04 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Intel Corporation
[2012.01.21 20:57:28 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\LolClient
[2012.05.24 16:02:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\LolClient2
[2011.01.13 15:27:54 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Macromedia
[2012.07.04 15:53:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Media Center Programs
[2012.05.08 18:35:41 | 000,000,000 | --SD | M] -- C:\Users\Home\AppData\Roaming\Microsoft
[2012.06.19 13:55:29 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Mozilla
[2011.04.18 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OOo-dev
[2011.04.18 15:22:05 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OpenOffice.org
[2011.02.17 16:28:49 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PlayFirst
[2011.12.10 13:43:52 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Real
[2012.07.07 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Red Alert 3
[2011.02.02 17:35:00 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SAP
[2011.02.16 19:04:34 | 000,000,000 | RH-D | M] -- C:\Users\Home\AppData\Roaming\SecuROM
[2012.07.12 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Skype
[2011.05.28 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\skypePM
[2011.06.01 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SpinTop
[2012.03.29 22:16:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Subversion
[2011.10.13 14:21:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TeamViewer
[2011.01.16 16:34:33 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Template
[2012.03.29 22:18:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TortoiseSVN
[2012.06.19 11:38:28 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TS3Client
[2011.07.17 00:36:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ts3overlay
[2012.05.21 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Ubisoft
[2011.06.27 18:41:59 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\vlc
[2011.03.15 18:18:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Windows Live Writer
[2011.10.15 14:25:16 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WinRAR
[2012.01.04 22:58:51 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Winter Sports 2011
[2012.06.06 20:22:34 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Xfire
[2011.03.18 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\XRay Engine
 
< %APPDATA%\*.exe /s >
[2011.11.28 11:51:16 | 001,102,574 | ---- | M] () -- C:\Users\Home\AppData\Roaming\.minecraft\texturepacks\MCpatcher-2.2.2.exe
[2011.02.26 16:52:46 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\ARPPRODUCTICON.exe
[2011.02.26 16:52:46 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
[2011.02.26 16:52:46 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
[2011.02.26 16:52:46 | 000,008,854 | R--- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\Uninstall_GameShadow_B239090474BD48AAB2CC6612F8D46379.exe
[2011.02.06 17:21:14 | 263,326,453 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ragnarok Online\pRO Installer v3.exe
[2012.07.01 16:29:05 | 000,315,544 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Home\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\Users\Home\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:2D09AB80

< End of report >

Regards, Christian

cosinus 12.07.2012 14:49

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
IE - HKU\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..network.proxy.http: "200.105.225.45"
FF - prefs.js..network.proxy.http_port: 8080
FF - user.js - File not found
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll File not found
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Diablo III Setup.exe -- [2012.02.03 00:07:14 | 001,856,592 | ---- | M] (Blizzard Entertainment)
[2012.06.23 17:01:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\dxhr
[2012.06.23 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\28050
[2012.07.03 17:43:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2010.05.14 06:57:51 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:2D09AB80
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

ChrissCross6 13.07.2012 10:35

Hey,

thanks for creating the script :). Here is the log:

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 removed from extensions.enabledItems
Prefs.js: "200.105.225.45" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. G:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cc05ff4-cc9c-11e0-9252-c80aa98d5180}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ebd195b-6a90-11df-8a8e-806e6f6e6963}\ not found.
File move failed. G:\Diablo III Setup.exe scheduled to be moved on reboot.
C:\Users\Home\AppData\Local\dxhr\cache\data\players folder moved successfully.
C:\Users\Home\AppData\Local\dxhr\cache\data folder moved successfully.
C:\Users\Home\AppData\Local\dxhr\cache folder moved successfully.
C:\Users\Home\AppData\Local\dxhr folder moved successfully.
C:\Users\Home\AppData\Local\28050\eidos\2a128d0\cache\temp folder moved successfully.
C:\Users\Home\AppData\Local\28050\eidos\2a128d0\cache\persistent folder moved successfully.
C:\Users\Home\AppData\Local\28050\eidos\2a128d0\cache folder moved successfully.
C:\Users\Home\AppData\Local\28050\eidos\2a128d0 folder moved successfully.
C:\Users\Home\AppData\Local\28050\eidos folder moved successfully.
C:\Users\Home\AppData\Local\28050 folder moved successfully.
C:\ProgramData\nud0repor.pad moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:93EB7685 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:2D09AB80 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Home
->Temp folder emptied: 9188370 bytes
->Temporary Internet Files folder emptied: 38137293 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 1079317936 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6265 bytes
 
User: Internet
->Temp folder emptied: 192677 bytes
->Temporary Internet Files folder emptied: 262066 bytes
->FireFox cache emptied: 63406313 bytes
->Flash cache emptied: 920 bytes
 
User: Public
 
User: University
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102082 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85163 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.136,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Default
 
User: Default User
 
User: Home
->Flash cache emptied: 0 bytes
 
User: Internet
->Flash cache emptied: 0 bytes
 
User: Public
 
User: University
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07132012_112431

Files\Folders moved on Reboot...
File move failed. G:\autorun.inf scheduled to be moved on reboot.
File move failed. G:\Diablo III Setup.exe scheduled to be moved on reboot.
C:\Users\Home\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\urlclassifier3.sqlite moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () G:\autorun.inf : MD5=F3508C41EE019FD19BDC7E5B72A20D47
[2012.02.03 00:07:14 | 001,856,592 | ---- | M] (Blizzard Entertainment) G:\Diablo III Setup.exe : MD5=DDB8CB14B7DD6B00236320CB2FAB06BA
File C:\Users\Home\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_001_ not found!
File C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_002_ not found!
File C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_003_ not found!
File C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\Cache\_CACHE_MAP_ not found!
File C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\k2e0147e.default\urlclassifier3.sqlite not found!
[2012.07.13 11:28:35 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5

Registry entries deleted on Reboot...

Regards, Christian

cosinus 13.07.2012 20:25

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

ChrissCross6 13.07.2012 21:43

Hey,

OK, I've done that, here is the log:
Code:

22:36:58.0114 6732        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
22:36:58.0254 6732        ============================================================
22:36:58.0254 6732        Current date / time: 2012/07/13 22:36:58.0254
22:36:58.0254 6732        SystemInfo:
22:36:58.0254 6732       
22:36:58.0254 6732        OS Version: 6.1.7600 ServicePack: 0.0
22:36:58.0254 6732        Product type: Workstation
22:36:58.0254 6732        ComputerName: HOME-PC
22:36:58.0254 6732        UserName: Home
22:36:58.0254 6732        Windows directory: C:\Windows
22:36:58.0254 6732        System windows directory: C:\Windows
22:36:58.0254 6732        Running under WOW64
22:36:58.0254 6732        Processor architecture: Intel x64
22:36:58.0254 6732        Number of processors: 4
22:36:58.0254 6732        Page size: 0x1000
22:36:58.0254 6732        Boot type: Normal boot
22:36:58.0254 6732        ============================================================
22:36:59.0405 6732        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:36:59.0411 6732        ============================================================
22:36:59.0411 6732        \Device\Harddisk0\DR0:
22:36:59.0411 6732        MBR partitions:
22:36:59.0411 6732        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
22:36:59.0411 6732        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x1C4CA000
22:36:59.0431 6732        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DEFD000, BlocksNum 0x1C488800
22:36:59.0431 6732        ============================================================
22:36:59.0460 6732        C: <-> \Device\Harddisk0\DR0\Partition1
22:36:59.0513 6732        A: <-> \Device\Harddisk0\DR0\Partition2
22:36:59.0543 6732        ============================================================
22:36:59.0544 6732        Initialize success
22:36:59.0544 6732        ============================================================
22:39:20.0428 5976        ============================================================
22:39:20.0428 5976        Scan started
22:39:20.0428 5976        Mode: Manual; SigCheck; TDLFS;
22:39:20.0428 5976        ============================================================
22:39:23.0002 5976        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:39:23.0205 5976        1394ohci - ok
22:39:23.0252 5976        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:39:23.0298 5976        ACPI - ok
22:39:23.0361 5976        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:39:23.0439 5976        AcpiPmi - ok
22:39:23.0579 5976        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:39:23.0610 5976        AdobeARMservice - ok
22:39:24.0032 5976        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:39:24.0047 5976        AdobeFlashPlayerUpdateSvc - ok
22:39:24.0188 5976        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:39:24.0219 5976        adp94xx - ok
22:39:24.0266 5976        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:39:24.0312 5976        adpahci - ok
22:39:24.0328 5976        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:39:24.0344 5976        adpu320 - ok
22:39:24.0375 5976        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:39:24.0609 5976        AeLookupSvc - ok
22:39:24.0702 5976        AFD            (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
22:39:24.0827 5976        AFD - ok
22:39:24.0874 5976        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:39:24.0890 5976        agp440 - ok
22:39:25.0358 5976        Akamai          (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
22:39:25.0358 5976        Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
22:39:25.0358 5976        Akamai ( HiddenFile.Multi.Generic ) - warning
22:39:25.0358 5976        Akamai - detected HiddenFile.Multi.Generic (1)
22:39:25.0498 5976        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:39:25.0560 5976        ALG - ok
22:39:25.0638 5976        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:39:25.0670 5976        aliide - ok
22:39:25.0716 5976        AMD External Events Utility (671d9dca48da807780d8409c18ed0ae0) C:\Windows\system32\atiesrxx.exe
22:39:25.0872 5976        AMD External Events Utility - ok
22:39:25.0904 5976        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:39:25.0919 5976        amdide - ok
22:39:25.0950 5976        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:39:25.0982 5976        AmdK8 - ok
22:39:26.0637 5976        amdkmdag        (d3e6b2e1394d93fe9db0ba24814b0d8f) C:\Windows\system32\DRIVERS\atipmdag.sys
22:39:26.0886 5976        amdkmdag - ok
22:39:27.0042 5976        amdkmdap        (cc4d915d786d3da973b2ea9b95d59a29) C:\Windows\system32\DRIVERS\atikmpag.sys
22:39:27.0089 5976        amdkmdap - ok
22:39:27.0120 5976        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:39:27.0167 5976        AmdPPM - ok
22:39:27.0230 5976        amdsata        (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
22:39:27.0245 5976        amdsata - ok
22:39:27.0308 5976        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:39:27.0339 5976        amdsbs - ok
22:39:27.0370 5976        amdxata        (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
22:39:27.0401 5976        amdxata - ok
22:39:27.0432 5976        AmUStor        (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
22:39:27.0495 5976        AmUStor - ok
22:39:27.0620 5976        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:39:27.0635 5976        AntiVirSchedulerService - ok
22:39:27.0713 5976        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:39:27.0729 5976        AntiVirService - ok
22:39:27.0776 5976        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:39:27.0900 5976        AppID - ok
22:39:27.0932 5976        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:39:28.0072 5976        AppIDSvc - ok
22:39:28.0119 5976        Appinfo        (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
22:39:28.0181 5976        Appinfo - ok
22:39:28.0275 5976        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:39:28.0290 5976        Apple Mobile Device - ok
22:39:28.0337 5976        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:39:28.0353 5976        arc - ok
22:39:28.0384 5976        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:39:28.0400 5976        arcsas - ok
22:39:28.0524 5976        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:39:28.0618 5976        aspnet_state - ok
22:39:28.0665 5976        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:39:28.0727 5976        AsyncMac - ok
22:39:28.0758 5976        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:39:28.0774 5976        atapi - ok
22:39:28.0977 5976        athr            (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys
22:39:29.0117 5976        athr - ok
22:39:29.0273 5976        AtiHdmiService  (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
22:39:29.0304 5976        AtiHdmiService - ok
22:39:29.0367 5976        atksgt          (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
22:39:29.0398 5976        atksgt - ok
22:39:29.0476 5976        AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:39:29.0570 5976        AudioEndpointBuilder - ok
22:39:29.0570 5976        AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:39:29.0632 5976        AudioSrv - ok
22:39:29.0694 5976        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
22:39:29.0726 5976        avgntflt - ok
22:39:29.0788 5976        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
22:39:29.0819 5976        avipbb - ok
22:39:29.0819 5976        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:39:29.0835 5976        avkmgr - ok
22:39:29.0913 5976        AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
22:39:29.0991 5976        AxInstSV - ok
22:39:30.0069 5976        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:39:30.0131 5976        b06bdrv - ok
22:39:30.0225 5976        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:39:30.0256 5976        b57nd60a - ok
22:39:30.0459 5976        BBSvc          (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
22:39:30.0474 5976        BBSvc - ok
22:39:30.0599 5976        BBUpdate        (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
22:39:30.0615 5976        BBUpdate - ok
22:39:30.0911 5976        BCM43XX        (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:39:31.0036 5976        BCM43XX - ok
22:39:31.0176 5976        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:39:31.0254 5976        BDESVC - ok
22:39:31.0301 5976        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:39:31.0379 5976        Beep - ok
22:39:31.0488 5976        BFE            (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
22:39:31.0582 5976        BFE - ok
22:39:31.0676 5976        BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
22:39:31.0816 5976        BITS - ok
22:39:31.0878 5976        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:39:31.0925 5976        blbdrive - ok
22:39:32.0034 5976        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:39:32.0081 5976        Bonjour Service - ok
22:39:32.0112 5976        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
22:39:32.0206 5976        bowser - ok
22:39:32.0222 5976        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:39:32.0268 5976        BrFiltLo - ok
22:39:32.0284 5976        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:39:32.0331 5976        BrFiltUp - ok
22:39:32.0393 5976        Browser        (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
22:39:32.0471 5976        Browser - ok
22:39:32.0534 5976        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:39:32.0612 5976        Brserid - ok
22:39:32.0627 5976        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:39:32.0658 5976        BrSerWdm - ok
22:39:32.0690 5976        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:39:32.0752 5976        BrUsbMdm - ok
22:39:32.0752 5976        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:39:32.0783 5976        BrUsbSer - ok
22:39:32.0846 5976        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:39:32.0892 5976        BthEnum - ok
22:39:32.0955 5976        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:39:33.0002 5976        BTHMODEM - ok
22:39:33.0048 5976        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:39:33.0080 5976        BthPan - ok
22:39:33.0173 5976        BTHPORT        (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
22:39:33.0251 5976        BTHPORT - ok
22:39:33.0314 5976        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:39:33.0376 5976        bthserv - ok
22:39:33.0423 5976        BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
22:39:33.0470 5976        BTHUSB - ok
22:39:33.0532 5976        btwampfl        (380b798d30c56ede4af58619d0e86ccb) C:\Windows\system32\drivers\btwampfl.sys
22:39:33.0563 5976        btwampfl - ok
22:39:33.0610 5976        btwaudio        (ba5622f5544c6c445dff1a05acc8b19d) C:\Windows\system32\drivers\btwaudio.sys
22:39:33.0626 5976        btwaudio - ok
22:39:33.0657 5976        btwavdt        (a11905d0f4bd34771f195217b6aa5ae0) C:\Windows\system32\DRIVERS\btwavdt.sys
22:39:33.0657 5976        btwavdt - ok
22:39:33.0813 5976        btwdins        (3930e53ee0bed9dff9afa09f505d0cae) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:39:33.0875 5976        btwdins - ok
22:39:33.0922 5976        btwl2cap        (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:39:33.0922 5976        btwl2cap - ok
22:39:33.0953 5976        btwrchid        (bd776f32d64ec615be4563dc2747224e) C:\Windows\system32\DRIVERS\btwrchid.sys
22:39:33.0969 5976        btwrchid - ok
22:39:34.0016 5976        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:39:34.0094 5976        cdfs - ok
22:39:34.0140 5976        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:39:34.0203 5976        cdrom - ok
22:39:34.0250 5976        CertPropSvc    (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:39:34.0328 5976        CertPropSvc - ok
22:39:34.0374 5976        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:39:34.0406 5976        circlass - ok
22:39:34.0530 5976        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:39:34.0562 5976        CLFS - ok
22:39:34.0655 5976        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:39:34.0671 5976        clr_optimization_v2.0.50727_32 - ok
22:39:34.0749 5976        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:39:34.0764 5976        clr_optimization_v2.0.50727_64 - ok
22:39:34.0889 5976        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:39:35.0045 5976        clr_optimization_v4.0.30319_32 - ok
22:39:35.0123 5976        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:39:35.0201 5976        clr_optimization_v4.0.30319_64 - ok
22:39:35.0248 5976        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:39:35.0295 5976        CmBatt - ok
22:39:35.0310 5976        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:39:35.0326 5976        cmdide - ok
22:39:35.0420 5976        CNG            (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
22:39:35.0498 5976        CNG - ok
22:39:35.0544 5976        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:39:35.0560 5976        Compbatt - ok
22:39:35.0591 5976        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:39:35.0638 5976        CompositeBus - ok
22:39:35.0669 5976        COMSysApp - ok
22:39:35.0685 5976        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:39:35.0700 5976        crcdisk - ok
22:39:35.0778 5976        CryptSvc        (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
22:39:35.0872 5976        CryptSvc - ok
22:39:35.0919 5976        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
22:39:35.0934 5976        CVirtA - ok
22:39:36.0153 5976        CVPND          (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
22:39:36.0231 5976        CVPND - ok
22:39:36.0402 5976        CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
22:39:36.0434 5976        CVPNDRVA - ok
22:39:36.0574 5976        DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:39:36.0668 5976        DcomLaunch - ok
22:39:36.0746 5976        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:39:36.0855 5976        defragsvc - ok
22:39:36.0902 5976        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
22:39:36.0995 5976        DfsC - ok
22:39:37.0042 5976        Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
22:39:37.0167 5976        Dhcp - ok
22:39:37.0198 5976        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:39:37.0276 5976        discache - ok
22:39:37.0323 5976        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:39:37.0338 5976        Disk - ok
22:39:37.0401 5976        DNE            (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
22:39:37.0416 5976        DNE - ok
22:39:37.0479 5976        Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
22:39:37.0572 5976        Dnscache - ok
22:39:37.0619 5976        dot3svc        (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
22:39:37.0697 5976        dot3svc - ok
22:39:37.0744 5976        DPS            (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
22:39:37.0822 5976        DPS - ok
22:39:37.0853 5976        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:39:37.0869 5976        drmkaud - ok
22:39:37.0994 5976        DsiWMIService  (61e894fe1e9cc720c909e6e343351794) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
22:39:38.0025 5976        DsiWMIService - ok
22:39:38.0103 5976        dtsoftbus01    (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:39:38.0134 5976        dtsoftbus01 - ok
22:39:38.0243 5976        dump_wmimmc - ok
22:39:38.0368 5976        DXGKrnl        (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
22:39:38.0415 5976        DXGKrnl - ok
22:39:38.0462 5976        EagleX64 - ok
22:39:38.0493 5976        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:39:38.0586 5976        EapHost - ok
22:39:39.0242 5976        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:39:39.0382 5976        ebdrv - ok
22:39:39.0507 5976        EFS            (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
22:39:39.0600 5976        EFS - ok
22:39:39.0725 5976        ehRecvr        (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
22:39:39.0819 5976        ehRecvr - ok
22:39:39.0850 5976        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:39:39.0944 5976        ehSched - ok
22:39:40.0068 5976        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:39:40.0162 5976        elxstor - ok
22:39:40.0302 5976        ePowerSvc      (064f001bf07333f980ffb565dcf6dd3d) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
22:39:40.0349 5976        ePowerSvc - ok
22:39:40.0474 5976        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:39:40.0521 5976        ErrDev - ok
22:39:40.0614 5976        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:39:40.0739 5976        EventSystem - ok
22:39:40.0833 5976        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:39:40.0911 5976        exfat - ok
22:39:40.0942 5976        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:39:41.0036 5976        fastfat - ok
22:39:41.0176 5976        Fax            (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
22:39:41.0316 5976        Fax - ok
22:39:41.0332 5976        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:39:41.0363 5976        fdc - ok
22:39:41.0410 5976        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:39:41.0488 5976        fdPHost - ok
22:39:41.0504 5976        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:39:41.0550 5976        FDResPub - ok
22:39:41.0582 5976        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:39:41.0582 5976        FileInfo - ok
22:39:41.0597 5976        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:39:41.0660 5976        Filetrace - ok
22:39:41.0675 5976        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:39:41.0691 5976        flpydisk - ok
22:39:41.0722 5976        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:39:41.0753 5976        FltMgr - ok
22:39:41.0878 5976        FontCache      (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
22:39:42.0003 5976        FontCache - ok
22:39:42.0081 5976        FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:39:42.0096 5976        FontCache3.0.0.0 - ok
22:39:42.0143 5976        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:39:42.0174 5976        FsDepends - ok
22:39:42.0206 5976        fssfltr        (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
22:39:42.0221 5976        fssfltr - ok
22:39:42.0440 5976        fsssvc          (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:39:42.0518 5976        fsssvc - ok
22:39:42.0642 5976        Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
22:39:42.0658 5976        Fs_Rec - ok
22:39:42.0720 5976        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:39:42.0752 5976        fvevol - ok
22:39:42.0798 5976        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:39:42.0814 5976        gagp30kx - ok
22:39:42.0908 5976        gpsvc          (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
22:39:42.0986 5976        gpsvc - ok
22:39:43.0095 5976        GREGService    (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
22:39:43.0110 5976        GREGService - ok
22:39:43.0188 5976        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:39:43.0204 5976        gupdate - ok
22:39:43.0204 5976        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:39:43.0235 5976        gupdatem - ok
22:39:43.0266 5976        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:39:43.0282 5976        gusvc - ok
22:39:43.0329 5976        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
22:39:43.0344 5976        hamachi - ok
22:39:43.0610 5976        Hamachi2Svc    (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
22:39:43.0719 5976        Hamachi2Svc - ok
22:39:43.0859 5976        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:39:43.0953 5976        hcw85cir - ok
22:39:44.0000 5976        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:39:44.0046 5976        HdAudAddService - ok
22:39:44.0093 5976        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:39:44.0156 5976        HDAudBus - ok
22:39:44.0187 5976        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:39:44.0218 5976        HECIx64 - ok
22:39:44.0234 5976        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:39:44.0265 5976        HidBatt - ok
22:39:44.0312 5976        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:39:44.0374 5976        HidBth - ok
22:39:44.0405 5976        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:39:44.0436 5976        HidIr - ok
22:39:44.0468 5976        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:39:44.0546 5976        hidserv - ok
22:39:44.0577 5976        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:39:44.0592 5976        HidUsb - ok
22:39:44.0624 5976        hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
22:39:44.0686 5976        hkmsvc - ok
22:39:44.0748 5976        HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
22:39:44.0826 5976        HomeGroupListener - ok
22:39:44.0873 5976        HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
22:39:44.0920 5976        HomeGroupProvider - ok
22:39:44.0967 5976        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:39:44.0982 5976        HpSAMD - ok
22:39:45.0060 5976        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:39:45.0154 5976        HTTP - ok
22:39:45.0170 5976        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:39:45.0201 5976        hwpolicy - ok
22:39:45.0248 5976        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:39:45.0279 5976        i8042prt - ok
22:39:45.0341 5976        iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
22:39:45.0372 5976        iaStor - ok
22:39:45.0450 5976        IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:39:45.0482 5976        IAStorDataMgrSvc - ok
22:39:45.0606 5976        iaStorV        (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
22:39:45.0622 5976        iaStorV - ok
22:39:45.0700 5976        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:39:45.0716 5976        IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:39:45.0716 5976        IDriverT - detected UnsignedFile.Multi.Generic (1)
22:39:45.0825 5976        idsvc          (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:39:45.0872 5976        idsvc - ok
22:39:45.0981 5976        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:39:45.0996 5976        iirsp - ok
22:39:46.0106 5976        IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
22:39:46.0230 5976        IKEEXT - ok
22:39:46.0293 5976        Impcd          (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys
22:39:46.0324 5976        Impcd - ok
22:39:46.0355 5976        IntcAzAudAddService - ok
22:39:46.0371 5976        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:39:46.0386 5976        intelide - ok
22:39:47.0120 5976        intelkmd        (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdpmd64.sys
22:39:47.0447 5976        intelkmd - ok
22:39:47.0666 5976        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:39:47.0681 5976        intelppm - ok
22:39:47.0728 5976        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:39:47.0790 5976        IPBusEnum - ok
22:39:47.0822 5976        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:39:47.0868 5976        IpFilterDriver - ok
22:39:47.0931 5976        iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
22:39:48.0009 5976        iphlpsvc - ok
22:39:48.0056 5976        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:39:48.0087 5976        IPMIDRV - ok
22:39:48.0087 5976        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:39:48.0149 5976        IPNAT - ok
22:39:48.0180 5976        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:39:48.0196 5976        IRENUM - ok
22:39:48.0196 5976        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:39:48.0212 5976        isapnp - ok
22:39:48.0243 5976        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:39:48.0274 5976        iScsiPrt - ok
22:39:48.0305 5976        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:39:48.0321 5976        kbdclass - ok
22:39:48.0336 5976        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:39:48.0368 5976        kbdhid - ok
22:39:48.0414 5976        KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:39:48.0430 5976        KeyIso - ok
22:39:48.0477 5976        KSecDD          (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
22:39:48.0508 5976        KSecDD - ok
22:39:48.0524 5976        KSecPkg        (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
22:39:48.0539 5976        KSecPkg - ok
22:39:48.0570 5976        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:39:48.0633 5976        ksthunk - ok
22:39:48.0695 5976        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:39:48.0758 5976        KtmRm - ok
22:39:48.0804 5976        L1C            (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
22:39:48.0820 5976        L1C - ok
22:39:48.0898 5976        LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
22:39:48.0992 5976        LanmanServer - ok
22:39:49.0023 5976        LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
22:39:49.0101 5976        LanmanWorkstation - ok
22:39:49.0163 5976        lirsgt          (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
22:39:49.0179 5976        lirsgt - ok
22:39:49.0210 5976        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:39:49.0272 5976        lltdio - ok
22:39:49.0304 5976        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:39:49.0397 5976        lltdsvc - ok
22:39:49.0428 5976        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:39:49.0475 5976        lmhosts - ok
22:39:49.0616 5976        LMS            (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:39:49.0647 5976        LMS ( UnsignedFile.Multi.Generic ) - warning
22:39:49.0647 5976        LMS - detected UnsignedFile.Multi.Generic (1)
22:39:49.0709 5976        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:39:49.0740 5976        LSI_FC - ok
22:39:49.0772 5976        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:39:49.0787 5976        LSI_SAS - ok
22:39:49.0834 5976        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:39:49.0850 5976        LSI_SAS2 - ok
22:39:49.0865 5976        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:39:49.0881 5976        LSI_SCSI - ok
22:39:49.0928 5976        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:39:50.0006 5976        luafv - ok
22:39:50.0115 5976        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:39:50.0130 5976        MBAMProtector - ok
22:39:50.0224 5976        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:39:50.0271 5976        MBAMService - ok
22:39:50.0318 5976        Mcx2Svc        (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
22:39:50.0349 5976        Mcx2Svc - ok
22:39:50.0364 5976        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:39:50.0380 5976        megasas - ok
22:39:50.0411 5976        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:39:50.0442 5976        MegaSR - ok
22:39:50.0520 5976        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:39:50.0536 5976        Microsoft Office Groove Audit Service - ok
22:39:50.0614 5976        Mkd2Bthf        (20574909fdd7843618bf03f95b61303d) C:\Windows\system32\drivers\Mkd2Bthf.sys
22:39:50.0630 5976        Mkd2Bthf - ok
22:39:50.0676 5976        Mkd2Nadr        (131d429af08e90cd16b36c68edf56226) C:\Windows\system32\drivers\Mkd2Nadr.sys
22:39:50.0692 5976        Mkd2Nadr - ok
22:39:50.0754 5976        Mkd3kfNt        (8719aa5b8faabacc5f12239f3d9572a2) C:\Windows\system32\drivers\Mkd3kfNt.sys
22:39:50.0786 5976        Mkd3kfNt - ok
22:39:50.0817 5976        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:39:50.0895 5976        MMCSS - ok
22:39:50.0910 5976        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:39:50.0988 5976        Modem - ok
22:39:51.0020 5976        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:39:51.0082 5976        monitor - ok
22:39:51.0129 5976        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:39:51.0144 5976        mouclass - ok
22:39:51.0191 5976        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:39:51.0207 5976        mouhid - ok
22:39:51.0238 5976        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:39:51.0254 5976        mountmgr - ok
22:39:51.0363 5976        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:39:51.0394 5976        MozillaMaintenance - ok
22:39:51.0425 5976        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:39:51.0456 5976        mpio - ok
22:39:51.0488 5976        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:39:51.0566 5976        mpsdrv - ok
22:39:51.0706 5976        MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
22:39:51.0831 5976        MpsSvc - ok
22:39:51.0909 5976        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:39:51.0940 5976        MRxDAV - ok
22:39:51.0987 5976        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:39:52.0049 5976        mrxsmb - ok
22:39:52.0112 5976        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:39:52.0158 5976        mrxsmb10 - ok
22:39:52.0205 5976        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:39:52.0236 5976        mrxsmb20 - ok
22:39:52.0283 5976        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:39:52.0299 5976        msahci - ok
22:39:52.0314 5976        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:39:52.0330 5976        msdsm - ok
22:39:52.0361 5976        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:39:52.0424 5976        MSDTC - ok
22:39:52.0455 5976        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:39:52.0502 5976        Msfs - ok
22:39:52.0533 5976        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:39:52.0580 5976        mshidkmdf - ok
22:39:52.0580 5976        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:39:52.0595 5976        msisadrv - ok
22:39:52.0626 5976        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:39:52.0720 5976        MSiSCSI - ok
22:39:52.0720 5976        msiserver - ok
22:39:52.0767 5976        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:39:52.0829 5976        MSKSSRV - ok
22:39:52.0845 5976        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:39:52.0907 5976        MSPCLOCK - ok
22:39:52.0907 5976        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:39:52.0970 5976        MSPQM - ok
22:39:53.0016 5976        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:39:53.0048 5976        MsRPC - ok
22:39:53.0063 5976        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:39:53.0079 5976        mssmbios - ok
22:39:53.0204 5976        MSSQL$SQLEXPRESS - ok
22:39:53.0282 5976        MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:39:53.0313 5976        MSSQLServerADHelper100 - ok
22:39:53.0344 5976        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:39:53.0406 5976        MSTEE - ok
22:39:53.0406 5976        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:39:53.0438 5976        MTConfig - ok
22:39:53.0484 5976        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:39:53.0516 5976        Mup - ok
22:39:53.0547 5976        mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:39:53.0562 5976        mwlPSDFilter - ok
22:39:53.0578 5976        mwlPSDNServ    (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:39:53.0594 5976        mwlPSDNServ - ok
22:39:53.0625 5976        mwlPSDVDisk    (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:39:53.0640 5976        mwlPSDVDisk - ok
22:39:53.0812 5976        MWLService      (0036634e5c92be109056f7e2380103a9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
22:39:53.0828 5976        MWLService - ok
22:39:53.0999 5976        napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
22:39:54.0046 5976        napagent - ok
22:39:54.0124 5976        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:39:54.0155 5976        NativeWifiP - ok
22:39:54.0249 5976        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:39:54.0296 5976        NDIS - ok
22:39:54.0311 5976        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:39:54.0358 5976        NdisCap - ok
22:39:54.0389 5976        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:39:54.0452 5976        NdisTapi - ok
22:39:54.0483 5976        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:39:54.0576 5976        Ndisuio - ok
22:39:54.0608 5976        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:39:54.0654 5976        NdisWan - ok
22:39:54.0670 5976        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:39:54.0717 5976        NDProxy - ok
22:39:54.0764 5976        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:39:54.0857 5976        NetBIOS - ok
22:39:54.0888 5976        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:39:54.0951 5976        NetBT - ok
22:39:54.0998 5976        Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:39:55.0013 5976        Netlogon - ok
22:39:55.0091 5976        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:39:55.0169 5976        Netman - ok
22:39:55.0310 5976        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:55.0356 5976        NetMsmqActivator - ok
22:39:55.0388 5976        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:55.0403 5976        NetPipeActivator - ok
22:39:55.0466 5976        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:39:55.0559 5976        netprofm - ok
22:39:55.0575 5976        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:55.0590 5976        NetTcpActivator - ok
22:39:55.0590 5976        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:55.0622 5976        NetTcpPortSharing - ok
22:39:55.0700 5976        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:39:55.0715 5976        nfrd960 - ok
22:39:55.0809 5976        NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
22:39:55.0887 5976        NlaSvc - ok
22:39:55.0918 5976        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:39:55.0996 5976        Npfs - ok
22:39:56.0027 5976        npggsvc - ok
22:39:56.0027 5976        NPPTNT2 - ok
22:39:56.0074 5976        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:39:56.0152 5976        nsi - ok
22:39:56.0168 5976        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:39:56.0214 5976        nsiproxy - ok
22:39:56.0402 5976        Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
22:39:56.0480 5976        Ntfs - ok
22:39:56.0589 5976        NTI IScheduleSvc (5b3ce960c62dbe864be9a0bd043a3e30) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
22:39:56.0636 5976        NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
22:39:56.0636 5976        NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
22:39:56.0667 5976        NTIBackupSvc    (15221dd637d9d0ffc60848ebbf1df538) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:39:56.0682 5976        NTIBackupSvc - ok
22:39:56.0807 5976        NTIDrvr        (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
22:39:56.0823 5976        NTIDrvr - ok
22:39:56.0885 5976        NTISchedulerSvc (b5071e15d4c3f5ef5018aff7e85a85e5) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:39:56.0963 5976        NTISchedulerSvc - ok
22:39:56.0994 5976        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:39:57.0072 5976        Null - ok
22:39:57.0104 5976        nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
22:39:57.0135 5976        nvraid - ok
22:39:57.0182 5976        nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
22:39:57.0213 5976        nvstor - ok
22:39:57.0244 5976        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:39:57.0275 5976        nv_agp - ok
22:39:57.0353 5976        ODDPwrSvc      (ba7dac1b8a86d9402c3e04e1fcaa600d) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
22:39:57.0369 5976        ODDPwrSvc - ok
22:39:57.0478 5976        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:39:57.0525 5976        odserv - ok
22:39:57.0556 5976        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:39:57.0572 5976        ohci1394 - ok
22:39:57.0603 5976        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:39:57.0634 5976        ose - ok
22:39:57.0681 5976        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:39:57.0759 5976        p2pimsvc - ok
22:39:57.0837 5976        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:39:57.0868 5976        p2psvc - ok
22:39:57.0899 5976        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:39:57.0915 5976        Parport - ok
22:39:57.0962 5976        partmgr        (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
22:39:57.0977 5976        partmgr - ok
22:39:58.0008 5976        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:39:58.0055 5976        PcaSvc - ok
22:39:58.0102 5976        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:39:58.0118 5976        pci - ok
22:39:58.0149 5976        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:39:58.0164 5976        pciide - ok
22:39:58.0196 5976        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:39:58.0211 5976        pcmcia - ok
22:39:58.0242 5976        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:39:58.0258 5976        pcw - ok
22:39:58.0336 5976        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:39:58.0398 5976        PEAUTH - ok
22:39:58.0508 5976        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:39:58.0554 5976        PerfHost - ok
22:39:58.0788 5976        pla            (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
22:39:58.0913 5976        pla - ok
22:39:59.0007 5976        PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
22:39:59.0116 5976        PlugPlay - ok
22:39:59.0147 5976        PnkBstrA - ok
22:39:59.0194 5976        PnkBstrB - ok
22:39:59.0225 5976        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:39:59.0256 5976        PNRPAutoReg - ok
22:39:59.0303 5976        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:39:59.0334 5976        PNRPsvc - ok
22:39:59.0381 5976        PolicyAgent    (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
22:39:59.0459 5976        PolicyAgent - ok
22:39:59.0506 5976        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:39:59.0568 5976        Power - ok
22:39:59.0646 5976        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:39:59.0709 5976        PptpMiniport - ok
22:39:59.0756 5976        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:39:59.0802 5976        Processor - ok
22:40:20.0270 5976        ============================================================
22:40:20.0270 5976        Scan finished
22:40:20.0270 5976        ============================================================
22:40:20.0285 6868        Detected object count: 6
22:40:20.0285 6868        Actual detected object count: 6
22:40:32.0500 6868        Akamai ( HiddenFile.Multi.Generic ) - skipped by user
22:40:32.0500 6868        Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
22:40:32.0500 6868        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:32.0500 6868        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:40:32.0500 6868        LMS ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:32.0500 6868        LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:40:32.0500 6868        NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:32.0500 6868        NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:40:32.0516 6868        RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:32.0516 6868        RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:40:32.0516 6868        UNS ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:32.0516 6868        UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip

Regards, Christian

cosinus 13.07.2012 22:11

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

ChrissCross6 14.07.2012 13:25

Hey,

great, thanks :) I ran ComboFix and the error message when starting the PC is gone now. Here is the ComboFix log file:

Code:

ComboFix 12-07-13.03 - Home 14.07.2012  12:36:18.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3767.2090 [GMT 2:00]
ausgeführt von:: c:\users\Home\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\users\Public\Documents\NTILiveUpdate.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-14 bis 2012-07-14  ))))))))))))))))))))))))))))))
.
.
2012-07-14 10:50 . 2012-07-14 10:50        --------        d-----w-        c:\users\Internet\AppData\Local\temp
2012-07-14 10:50 . 2012-07-14 10:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-14 10:42 . 2012-07-14 10:42        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2066B171-EC4F-4619-A36D-9D4A3C18880E}\offreg.dll
2012-07-13 10:06 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2066B171-EC4F-4619-A36D-9D4A3C18880E}\mpengine.dll
2012-07-13 09:24 . 2012-07-13 09:24        --------        d-----w-        C:\_OTL
2012-07-12 01:14 . 2012-06-12 03:02        3147264        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 16:36 . 2012-06-06 05:50        2003968        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-11 16:36 . 2012-06-06 05:50        1880064        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-11 16:36 . 2012-06-06 05:09        1389568        ----a-w-        c:\windows\SysWow64\msxml6.dll
2012-07-11 16:36 . 2012-06-06 05:09        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll
2012-07-11 16:35 . 2012-06-02 05:38        95088        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-11 16:35 . 2012-06-02 05:38        152432        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 16:35 . 2012-06-02 05:37        459216        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-07-11 16:35 . 2012-06-02 05:27        340992        ----a-w-        c:\windows\system32\schannel.dll
2012-07-11 16:35 . 2012-06-02 05:27        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2012-07-11 16:35 . 2012-06-02 04:48        225280        ----a-w-        c:\windows\SysWow64\schannel.dll
2012-07-11 16:35 . 2012-06-02 04:47        219136        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2012-07-11 16:35 . 2012-06-02 04:48        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2012-07-11 16:35 . 2012-06-02 04:42        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2012-07-11 16:35 . 2012-06-06 05:50        1425408        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 16:35 . 2012-06-06 05:09        987136        ----a-w-        c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-07 15:25 . 2012-07-07 15:28        --------        d-----w-        c:\users\Home\AppData\Roaming\Red Alert 3
2012-07-06 15:17 . 2012-07-06 15:17        --------        d-----w-        c:\program files (x86)\ESET
2012-07-04 13:53 . 2012-07-04 13:53        --------        d-----w-        c:\users\Home\AppData\Roaming\Malwarebytes
2012-07-04 13:51 . 2012-07-04 13:51        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-04 13:51 . 2012-07-04 13:51        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-04 13:51 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-28 11:22 . 2012-06-28 11:22        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2012-06-19 15:35 . 2012-06-19 15:35        4967624        ----a-w-        c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-19 11:51 . 2012-06-19 11:51        --------        d-----w-        c:\program files (x86)\MozBackup
2012-06-19 09:43 . 2012-07-11 20:34        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-19 09:43 . 2012-07-11 20:34        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 08:51 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-19 08:51 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-19 08:51 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-19 08:51 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-19 08:50 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-19 08:50 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-19 08:50 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-19 08:50 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-19 08:50 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-18 10:25 . 2012-06-18 10:25        --------        d-----w-        c:\users\Home\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 15:46 . 2011-02-16 16:58        107832        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-05-21 15:45 . 2011-02-16 16:58        66872        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-05-21 15:45 . 2011-02-16 16:58        2250024        ----a-w-        c:\windows\SysWow64\pbsvc.exe
2012-05-13 18:02 . 2011-07-03 17:22        280736        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-05-13 17:59 . 2011-02-16 16:58        215128        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-05-08 11:35 . 2012-01-09 15:27        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 11:35 . 2012-01-09 15:27        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-04 10:52 . 2012-06-13 17:00        5505392        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 17:00        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 17:00        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-03 02:54 . 2012-05-03 02:54        42392        ----a-w-        c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:54 . 2012-05-03 02:54        28056        ----a-w-        c:\windows\system32\xfcodec64.dll
2012-05-02 05:32 . 2012-06-13 17:00        208896        ----a-w-        c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 17:00        204800        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 17:00        76288        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 17:00        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 17:00        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 17:00        182272        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 17:00        1460224        ----a-w-        c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 17:00        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 17:00        139264        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 17:00        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 17:00        1156608        ----a-w-        c:\windows\SysWow64\crypt32.dll
2011-12-07 09:41 . 2011-12-08 12:42        3539040        ----a-w-        c:\program files\Alwil Softw
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-14 39408]
"Steam"="a:\spiele\Steam\steam.exe" [2011-08-11 1242448]
"Akamai NetSession Interface"="c:\users\Home\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-04-23 124136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-5-14 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-26 1125152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 135664]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-05 335400]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]
R3 dump_wmimmc;dump_wmimmc;c:\program files\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 135664]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2010-03-08 97368]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-11-19 107096]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2010-09-13 182872]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-22 254528]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-20 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-04-23 820768]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-04-21 6406144]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-20 188928]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-04-20 10322848]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 20:34]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 13:35]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 13:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-20 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-20 413720]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-04-23 496160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27360111t516l0453z115t6611k53o
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\k2e0147e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Age of Conan_is1 - c:\program files (x86)\Funcom\Age of Conan\unins000.exe
AddRemove-FUSSBALL MANAGER 11 DEMO - a:\spiele\FM11Demo\eauninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Steam App 10530 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 20510 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 550 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 91600 - c:\program files (x86)\Steam\steam.exe
AddRemove-TalonRO_is1 - c:\spiele\TalonRO\RO\unins000.exe
AddRemove-Winter Sports 2011_is1 - c:\program files (x86)\Winter Sports 2011\unins000.exe
AddRemove-{195C3D8C-1468-42F9-B169-110E79062D62}_is1 - a:\spiele\Godlike-RO\unins000.exe
AddRemove-{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1 - c:\program files (x86)\Mein Gutscheincode Finder\unins000.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files (x86)\Pando Networks\Media Booster\uninst.exe
AddRemove-bet365casino - c:\casino\Casino at bet365\_SetupCasino_a616b8.exe
AddRemove-OldschoolRO - a:\spiele\RO - Kopie\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-907013825-1055173690-614559143-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-907013825-1055173690-614559143-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1f,a2,26,c1,c3,02,4f,29,5c,17,0c,3b,4c,b6,65,b6,ea,d6,a5,41,06,14,1d,
  f7,05,c3,c7,20,79,11,98,da,ac,a6,dc,76,f2,e6,d0,9d,5e,66,72,59,51,91,fb,00,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-907013825-1055173690-614559143-1001\Software\SecuROM\License information*]
"datasecu"=hex:b5,98,b5,b6,7c,f0,00,dc,af,4f,c3,03,4c,b0,87,cd,a2,96,d8,90,16,
  ec,f0,8c,34,68,59,d3,6e,2d,b2,b8,7d,97,ec,d1,7d,8e,46,15,a3,e6,4d,1c,0c,2b,\
"rkeysecu"=hex:22,73,f5,fc,76,ca,35,b2,2e,50,da,5b,ad,a8,8f,46
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-14  13:15:18
ComboFix-quarantined-files.txt  2012-07-14 11:15
.
Vor Suchlauf: 21 Verzeichnis(se), 78.162.345.984 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 77.645.312.000 Bytes frei
.
- - End Of File - - 2D789F75D9B98ED3C0F6A67A721DF274

Regards, Christian

cosinus 14.07.2012 15:23

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

ChrissCross6 16.07.2012 13:15

Hey,

Sorry, it took a bit longer, I still had an exam. :)
Here are the logs:

GMER:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-16 14:10:22
Windows 6.1.7600 
Running: sq5pcnsy.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313b8238d                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313b8238d (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:18:36 on 16.07.2012

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - ? - C:\Windows\system32\Drivers\CVPNDRVA.sys  (File found, but it contains no detailed information)
"dump_wmimmc" (dump_wmimmc) - ? - C:\Program Files\eFusion\BlackShot\system\GameGuard\dump_wmimmc.sys  (File not found)
"EagleX64" (EagleX64) - ? - C:\Windows\system32\drivers\EagleX64.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Mkd2Bthf" (Mkd2Bthf) - "AhnLab, Inc." - C:\Windows\System32\drivers\Mkd2Bthf.sys
"Mkd2Nadr" (Mkd2Nadr) - "AhnLab, Inc." - C:\Windows\System32\drivers\Mkd2Nadr.sys
"Mkd3kfNt" (Mkd3kfNt) - "AhnLab, Inc." - C:\Windows\System32\drivers\Mkd3kfNt.sys
"NPPTNT2" (NPPTNT2) - ? - C:\Windows\system32\npptNT2.sys  (File not found)
"NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\Windows\System32\drivers\RTKVHD64.sys  (File not found)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{D1F8BD1E-7967-11D2-B43A-006094B9EADB} "SAP HTML Pluggable Protocol" - "SAP, Walldorf" - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll
{D1F8BD1E-7967-11D2-B43A-006094B9EADB} "SAP HTML Pluggable Protocol" - "SAP, Walldorf" - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files (x86)\real\realplayer\rpshell.dll
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files (x86)\WinRAR\rarext.dll
{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{063F7D71-5E0B-48F2-87D5-F63C5917947E} "Aosmgr Control" - "AhnLab, Inc." - C:\PROGRA~2\AhnLab\ASP\COMPON~1\aosmgr\aosmgr.ocx / hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
{CC450D71-CC90-424C-8638-1F2DBAC87A54} "ArmHelper Control" - ? - ./Images/armhelper.ocx  (File not found) / file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/armhelper.ocx
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{149E45D8-163E-4189-86FC-45022AB2B6C9} "SpinTop DRM Control" - "SpinTop Media Inc." - C:\Windows\Downloaded Program Files\stg_drm.ocx / file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/stg_drm.ocx
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
"Senden an Bluetooth" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - ? - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Akamai NetSession Interface" - "Akamai Technologies, Inc" - "C:\Users\Home\AppData\Local\Akamai\netsession_win.exe"
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"Steam" - "Valve Corporation" - "A:\Spiele\Steam\steam.exe" -silent
"swg" - "Google Inc." - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcadeMovieService" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
"EgisTecPMMUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MDS_Menu" - "CyberLink Corp." - "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SuiteTray" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Acer ODD Power Service" (ODDPwrSvc) - "Acer Incorporated" - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Akamai NetSession Interface" (Akamai) - "Akamai Technologies, Inc" - c:\program files (x86)\common files\akamai\netsession_win_4f7fccd.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
"BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
"nProtect GameGuard Service" (npggsvc) - ? - C:\Windows\system32\GameMon.des -service  (File not found)
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe  (File not found)
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-16 13:26:59
-----------------------------
13:26:59.869    OS Version: Windows x64 6.1.7600
13:26:59.869    Number of processors: 4 586 0x2502
13:26:59.869    ComputerName: HOME-PC  UserName: Home
13:27:01.089    Initialize success
13:27:06.881    AVAST engine defs: 12071600
13:28:12.151    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:28:12.161    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
13:28:12.221    Disk 0 MBR read successfully
13:28:12.221    Disk 0 MBR scan
13:28:12.231    Disk 0 Windows 7 default MBR code
13:28:12.241    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
13:28:12.271    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024
13:28:12.291    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      231828 MB offset 27469824
13:28:12.301    Disk 0 Partition - 00    0F Extended LBA            231698 MB offset 502253568
13:28:12.321    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      231697 MB offset 502255616
13:28:12.361    Disk 0 scanning C:\Windows\system32\drivers
13:28:24.900    Service scanning
13:29:03.732    Modules scanning
13:29:04.062    Disk 0 trace - called modules:
13:29:04.102    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
13:29:04.112    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c64060]
13:29:04.112    3 CLASSPNP.SYS[fffff88001a9343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049aa050]
13:29:04.122    Scan finished successfully
13:30:49.295    Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
13:30:49.295    The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"

Regards, Christian

cosinus 16.07.2012 16:33

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

ChrissCross6 17.07.2012 12:43

Hey,

Okay, that sounds good already :) Here are the two full scans:

Malwarebytes:

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Home :: HOME-PC [Administrator]

Schutz: Aktiviert

17.07.2012 11:08:22
mbam-log-2012-07-17 (11-08-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 624235
Laufzeit: 2 Stunde(n), 19 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SUPERAntiSpyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/16/2012 at 10:42 PM

Application Version : 5.5.1006

Core Rules Database Version : 8907
Trace Rules Database Version: 6719

Scan type      : Complete Scan
Total Scan Time : 02:13:07

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 857
Memory threats detected  : 0
Registry items scanned    : 69386
Registry threats detected : 0
File items scanned        : 141311
File threats detected    : 459

Adware.Tracking Cookie
        C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\MTIKVEXY.txt [ /atdmt.com ]
        .webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        stats.computecmedia.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        stats.bmw.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wnliagd5mkq.stats.esomniture.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        tomtailor.dyntracker.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2E0147E.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .lucidmedia.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        beacons.hottraffic.nl [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .adxpose.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .yieldmanager.net [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        www.nettrack.nl [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .kpn.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .kpn.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .kpn.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .kpn.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        fl01.ct2.comclick.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .edgeadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .edgeadserver.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .view.atdmt.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .conversioncompany.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .conversioncompany.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .conversioncompany.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .conversioncompany.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        fl01.ct2.comclick.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .ffdthuisapotheek.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .ffdthuisapotheek.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .ffdthuisapotheek.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .ffdthuisapotheek.solution.weborama.fr [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\INTERNET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHCHF2II.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Skelten[Ex]
        C:\SERVER\EATHENA\TOOLS\DIFF PATCHER\K3DTDIFFPATCHER_BETA.EXE

Heur.Agent/Gen-WhiteBox
        C:\SPIELE\TOM CLANCYS RAINBOW SIX_DOWNLOADER.EXE

Trojan.Agent/Gen-Sisproc
        C:\WINDOWS\IFINST27.EXE

Regards, Christian

cosinus 18.07.2012 11:26

Code:

Trojan.Agent/Gen-Skelten[Ex]
        C:\SERVER\EATHENA\TOOLS\DIFF PATCHER\K3DTDIFFPATCHER_BETA.EXE

Heur.Agent/Gen-WhiteBox
        C:\SPIELE\TOM CLANCYS RAINBOW SIX_DOWNLOADER.EXE

Trojan.Agent/Gen-Sisproc
        C:\WINDOWS\IFINST27.EXE

Do you recognize these files?

ChrissCross6 18.07.2012 11:39

Hey,

so the Diff Patcher and the game, yes, i.e. the first two, but I have never seen the last one, no idea what that is. ^o^

Regards, Christian

cosinus 18.07.2012 19:28

Can you pack all three files together into one zip file and upload it to us? => http://www.trojaner-board.de/54791-a...ner-board.html

ChrissCross6 18.07.2012 21:55

Hey,

yes, I uploaded all 3 files as a .rar file, hope that works. :)

Regards, Christian

