Trojaner-Board - Live Security Platinum

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Live Security Platinum - vollständig entfernen (https://www.trojaner-board.de/122197-live-security-platinum-vollstaendig-entfernen.html)

Live Security Platinum - vollständig entfernen

Hi!

Leider habe ich diesen Live Security Platinum Virus auf meinem Rechner.
Es wäre sehr nett, wenn Ihr mir helfen und sagen könntet, was ich tun soll, damit der Virus komplett von meinem Rechner entfernt wird.

Bisher habe ich Folgendes gemacht:

Ich habe mit dem Programm Sardu einen bootfähigen USB-Stick mit Antivir erstellt, den Rechner über den USB-Stick gebootet und die infizierten Daten löschen lassen.
Dann habe ich mit Malwarebytes Anti-Malware einen Scan gemacht, mit der Einstellung, dass die infizierten Dateien in Quarantäne sollen.
Hier ist das Log von Malwarebytes:

Code:

 Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.07.03.05
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Laney :: TORNADO [Administrator]
 

14.08.2012 16:35:34

mbam-log-2012-08-14 (16-35-34).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 373229

Laufzeit: 53 Minute(n), 27 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 2

HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U\800000cb.@.vir (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

 Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.08.14.06
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Laney :: TORNADO [Administrator]
 

14.08.2012 21:41:21

mbam-log-2012-08-14 (21-41-21).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 361113

Laufzeit: 1 Stunde(n), 40 Minute(n), 31 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 1

C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 3

C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Danach habe ich die Schlüssel in der Registry in deren Namen Live Security Platinum vorkam per Hand gelöscht.

Dann habe ich den ESET Online Scanner verwendet, wie es hier im Forum beschrieben wird,
hier das Log:

Code:

 ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=56dc201eb7f8b2429164b3f3141dabb4

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-15 10:20:49

# local_time=2012-08-15 12:20:49 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 9642451 9642451 0 0

# compatibility_mode=5893 16776574 66 94 409491 96646556 0 0

# compatibility_mode=8192 67108863 100 0 91 91 0 0

# compatibility_mode=9217 16777214 75 4 4478678 4478678 0 0

# scanned=150080

# found=0

# cleaned=0

# scan_time=10684

Danach bahe ich den defogger von jpshortstuff wie beschrieben ausgeführt und den OTL von Oldtimer,
das "Extra"-Log ist angehangen, hier dasOTL-Log,:

Code:

 

TL logfile created on: 15.08.2012 12:37:24 - Run 1

OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Laney\Desktop

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,96 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 51,34% Memory free

3,92 Gb Paging File | 2,73 Gb Available in Paging File | 69,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,25 Gb Total Space | 1,92 Gb Free Space | 1,33% Space Free | Partition Type: NTFS

 

Computer Name: TORNADO | User Name: Laney | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.08.15 12:35:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe

PRC - [2012.08.08 18:24:18 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012.07.09 16:53:15 | 000,935,008 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

PRC - [2012.07.09 16:53:12 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe

PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe

PRC - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.08 17:51:45 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe

PRC - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011.10.04 04:04:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE

PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.12.03 18:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe

PRC - [2010.12.03 18:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe

PRC - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2010.07.21 19:21:00 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe

PRC - [2010.06.16 17:19:06 | 000,269,824 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

PRC - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe

PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe

PRC - [2009.11.24 08:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe

PRC - [2009.10.25 13:25:18 | 000,338,432 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMProcess.exe

PRC - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMWDSrv.exe

PRC - [2009.08.07 05:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe

PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe

PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

PRC - [2008.06.14 01:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMCONFIG.exe

PRC - [2008.05.30 01:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\StartAutorun.exe

PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.07.09 16:53:16 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll

MOD - [2012.07.09 16:53:12 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe

MOD - [2012.06.13 13:58:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll

MOD - [2012.06.13 13:58:29 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll

MOD - [2012.06.13 13:57:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012.06.13 13:57:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012.05.10 16:09:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

MOD - [2012.05.10 15:51:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012.05.10 15:51:00 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll

MOD - [2012.05.10 15:50:58 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll

MOD - [2012.05.10 15:49:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll

MOD - [2012.05.10 15:49:01 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll

MOD - [2012.05.10 15:48:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012.05.10 15:48:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012.05.10 15:48:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012.05.10 15:48:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011.10.04 04:04:00 | 000,054,784 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL

MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2011.05.22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll

MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll

MOD - [2008.06.16 09:06:10 | 000,053,248 | ---- | M] () -- C:\Programme\Mouse Driver\MouseHook.dll

MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Programme\Mouse Driver\keydll.dll

MOD - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.07.28 09:26:39 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012.07.11 11:09:33 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)

SRV - [2012.07.09 16:53:15 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)

SRV - [2012.06.21 15:58:50 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

SRV - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

SRV - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011.10.04 04:04:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)

SRV - [2011.10.04 04:04:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)

SRV - [2011.10.04 04:04:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011.07.11 18:17:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)

SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)

SRV - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)

SRV - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.06.06 15:54:40 | 000,017,328 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\easytthr.sys -- (easytether)

DRV - [2012.05.08 17:51:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.08 17:51:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.04.30 21:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2011.10.04 04:04:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)

DRV - [2011.10.04 04:04:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)

DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011.06.24 11:49:30 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)

DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)

DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)

DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV - [2011.05.07 18:51:28 | 000,455,256 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)

DRV - [2011.01.13 14:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)

DRV - [2011.01.13 14:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)

DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)

DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010.09.27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2010.06.14 12:37:56 | 000,194,048 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)

DRV - [2010.06.14 12:37:56 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)

DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)

DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009.10.09 15:55:34 | 000,022,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)

DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.09.10 15:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2009.08.21 13:59:22 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)

DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2009.03.13 14:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)

DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)

DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=hp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 67 B5 6F 84 4F CD 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=dsp&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B9833f522-ae17-4a9a-adca-f183bccc3f5a%7D&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&ds=od011&v=11.1.0.7&lang=de&pr=sa&d=2012-06-21%2018%3A55%3A33&sap=ku&q="

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 16:53:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.06.24 14:07:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 09:57:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions

[2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.08.09 17:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions

[2012.08.09 17:52:07 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

[2011.08.29 16:40:17 | 000,004,140 | ---- | M] () -- C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\searchplugins\youtube.xml

[2012.06.07 22:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.11.25 14:30:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.07.28 09:26:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.05.07 15:45:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.07.09 16:53:10 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

[2012.05.07 15:45:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.05.07 15:45:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.05.07 15:45:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.05.07 15:45:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.05.07 15:45:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)

O4 - HKLM..\Run: [ISW]  File not found

O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found

O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)

O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)

O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()

O4 - HKLM..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://79.218.13.129:1080/RtspVaPgDec.cab (RtspVaPgCtrl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.102.158 80.69.100.102

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24FB3177-40D2-4833-8FD7-D160FDECAE8E}: DhcpNameServer = 80.69.102.158 80.69.100.102

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC974E05-87DD-47CC-B0F2-7BA917689391}: DhcpNameServer = 8.8.8.8 8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C96CAC45-EEC0-4585-A1EB-2DCC65662880}: NameServer = 10.11.230.3 10.11.230.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFF33C90-831A-4D4F-97B0-BE113A118823}: DhcpNameServer = 80.69.102.158 80.69.100.102

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun

O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun

O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.15 12:35:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe

[2012.08.15 09:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.08.15 09:18:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.08.14 16:33:19 | 000,000,000 | ---D | C] -- C:\Users\Laney\AppData\Roaming\Malwarebytes

[2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.08.14 16:33:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.08.14 16:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.08.13 19:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E

[2012.08.07 20:26:48 | 000,000,000 | ---D | C] -- C:\Users\Laney\temp

[2012.07.24 18:17:22 | 000,000,000 | ---D | C] -- C:\Snag_India_2

[2012.07.22 12:53:35 | 000,000,000 | ---D | C] -- C:\Snag_India_Tables

[2012.07.21 15:08:05 | 000,000,000 | ---D | C] -- C:\Snag_India

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.15 12:35:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe

[2012.08.15 12:34:57 | 000,000,000 | ---- | M] () -- C:\Users\Laney\defogger_reenable

[2012.08.15 09:15:28 | 006,110,278 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.08.15 09:15:28 | 002,260,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.08.15 09:15:28 | 001,875,518 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.08.15 09:15:28 | 001,679,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.08.15 09:15:21 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.08.15 09:15:21 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.08.15 09:07:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.08.15 09:07:44 | 1577,803,776 | -HS- | M] () -- C:\hiberfil.sys

[2012.08.14 07:19:36 | 000,414,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.08.11 15:42:35 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2012.07.31 20:54:22 | 025,784,346 | ---- | M] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf

 
 ========== Files Created - No Company Name ==========

 

[2012.08.15 12:34:57 | 000,000,000 | ---- | C] () -- C:\Users\Laney\defogger_reenable

[2012.07.31 20:54:18 | 025,784,346 | ---- | C] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf

[2012.04.06 16:15:01 | 000,000,175 | ---- | C] () -- C:\Windows\ODBC.INI

[2012.02.11 23:20:57 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll

[2012.02.11 23:20:57 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll

[2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@

[2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@

[2011.11.16 12:57:56 | 000,001,458 | ---- | C] () -- C:\Users\Laney\.recently-used.xbel

[2011.06.24 14:27:49 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011.06.24 14:25:07 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7030.dat

[2011.06.24 14:23:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL

[2011.06.24 14:23:34 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI

[2011.06.24 13:14:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.06.24 12:24:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

[2011.06.24 12:24:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe

[2011.06.24 10:13:31 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2010.09.27 13:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[2010.06.15 13:20:14 | 000,157,470 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

 
 ========== LOP Check ==========

 

[2011.10.28 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\.ProjectViewer

[2012.07.07 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Amazon

[2012.06.24 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\CheckPoint

[2011.09.29 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1

[2012.08.14 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Dropbox

[2012.01.23 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FileZilla

[2011.10.27 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\GetRightToGo

[2011.11.16 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\gtk-2.0

[2012.07.01 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Jumping Bytes

[2012.06.21 18:56:27 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\MyPhoneExplorer

[2012.06.21 18:54:47 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\OpenCandy

[2011.10.28 08:55:36 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PDF Writer

[2011.11.11 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PwrMgr

[2012.06.21 18:37:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Sony

[2011.06.25 15:37:00 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\TeamViewer

[2011.06.24 10:43:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Thunderbird

[2011.12.18 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Tracker Software

[2011.07.12 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Vodafone

[2012.04.28 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\{7AA05F48-9B52-4244-B296-F505ACBC5FD9}

[2012.08.09 20:44:15 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

Zum Schluss habe ich noch Gmer scannen lassen.
Das Log ist angehangen.

Vielen Dank schon mal für Eure Hilfe!
Laney

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Hallo Cosinus,
vielen Dank für Deine Hilfe!

Hier die Logdatei:

Code:

 

# AdwCleaner v1.801 - Logfile created 08/18/2012 at 12:00:57

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (32 bits)

# User : Laney - TORNADO

# Boot Mode : Normal

# Running from : C:\Users\Laney\Desktop\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 

Found : vToolbarUpdater11.2.0
 

***** [Files / Folders] *****
 

Folder Found : C:\Users\Laney\AppData\Local\AVG Secure Search

Folder Found : C:\Users\Laney\AppData\Local\Temp\avg@toolbar

Folder Found : C:\Users\Laney\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\Laney\AppData\Roaming\OpenCandy

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\Program Files\AVG Secure Search

Folder Found : C:\Program Files\Common Files\AVG Secure Search

File Found : C:\Users\Laney\AppData\Local\Temp\Uninstall.exe

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
 

***** [Registry] *****
 

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\IGearSettings

Key Found : HKCU\Software\SweetIm

Key Found : HKLM\SOFTWARE\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\SOFTWARE\SweetIM

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 

***** [Registre - GUID] *****
 

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v8.0.7601.17514
 

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=hp

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.12&sap=nt
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profile name : default 

File : C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\prefs.js
 

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7");

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B9833f522-ae17-4a9a-adca-f183bccc3f5a%[...]
 

Profile name : default 

File : C:\Users\Sicherheit\AppData\Roaming\Mozilla\Firefox\Profiles\ukejlaf9.default\prefs.js
 

[OK] File is clean.
 

*************************
 

AdwCleaner[R1].txt - [6591 octets] - [18/08/2012 12:00:57]
 

########## EOF - C:\AdwCleaner[R1].txt - [6719 octets] ##########

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Hier das Log:

Code:

 

# AdwCleaner v1.801 - Logfile created 08/18/2012 at 15:07:56

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (32 bits)

# User : Laney - TORNADO

# Boot Mode : Normal

# Running from : C:\Users\Laney\Desktop\adwcleaner.exe

# Option [Delete]
 
 

***** [Services] *****
 

Stopped & Deleted : vToolbarUpdater11.2.0
 

***** [Files / Folders] *****
 

Folder Deleted : C:\Users\Laney\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Laney\AppData\Local\Temp\avg@toolbar

Folder Deleted : C:\Users\Laney\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\Laney\AppData\Roaming\OpenCandy

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

File Deleted : C:\Users\Laney\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
 

***** [Registry] *****
 

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\SweetIm

Key Deleted : HKLM\SOFTWARE\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\SweetIM

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 

***** [Registre - GUID] *****
 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v8.0.7601.17514
 

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=hp --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.12&sap=nt --> hxxp://www.google.com
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profile name : default 

File : C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\prefs.js
 

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7");

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B9833f522-ae17-4a9a-adca-f183bccc3f5a%[...]
 

Profile name : default 

File : C:\Users\Sicherheit\AppData\Roaming\Mozilla\Firefox\Profiles\ukejlaf9.default\prefs.js
 

[OK] File is clean.
 

*************************
 

AdwCleaner[R1].txt - [6720 octets] - [18/08/2012 12:00:57]

AdwCleaner[S1].txt - [6865 octets] - [18/08/2012 15:07:56]
 

########## EOF - C:\AdwCleaner[S1].txt - [6993 octets] ##########

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Der normale Modus von Windows funktioniert.
Allerdings kann ich nicht ins Internet, wenn ich bei ZoneAlarm die Einstellungen für die öffentliche Zone auf hoch stelle. Wenn es auf mittel eingestellt ist, kann ich ganz normal ins Internet.
Im Startmenü fehlt nichts. Unter allen Programmen ist der Ordner "Afinion Project Viewer" leer. Das könnte allerdings auch schon so gewesen sein bevor ich die Probleme mit diesem Live Security Platinum hatte.
Vielen Dank und beste Grüße
Laney

Zitat:

wenn ich bei ZoneAlarm die Einstellungen für die öffentliche Zone auf hoch stelle.

ZoneAlarm ist kontraproduktiver Müll, bitte umgehend deinstallieren und die Windows-Firewall einschalten!

Ich habe ZoneAlarm jetzt deinstalliert.
Wenn ich die Windows-Firewall aktivieren will, kommt aber folgende Fehlermeldung:
"Einige der Einstellungen können von der Windows-Firewall nicht geändert werden.
Fehlercode 0x80070424".
Ich kann dann nichts anderes als OK drücken und die Firewall wird nicht aktiviert.

Vielen Dank und schöne Grüße
Laney

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo!

Hier die Logdatei:

OTL Logfile:

Code:

OTL logfile created on: 20.08.2012 22:08:13 - Run 2

OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Laney\Desktop

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,96 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 67,73% Memory free

3,92 Gb Paging File | 2,88 Gb Available in Paging File | 73,60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,25 Gb Total Space | 2,78 Gb Free Space | 1,93% Space Free | Partition Type: NTFS

 

Computer Name: TORNADO | User Name: Laney | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.08.20 22:06:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe

PRC - [2012.08.08 18:24:18 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe

PRC - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.08 17:51:45 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011.10.04 04:04:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE

PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.12.03 18:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe

PRC - [2010.12.03 18:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe

PRC - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2010.07.21 19:21:00 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe

PRC - [2010.06.16 17:19:06 | 000,269,824 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

PRC - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe

PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe

PRC - [2009.11.24 08:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe

PRC - [2009.10.25 13:25:18 | 000,338,432 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMProcess.exe

PRC - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMWDSrv.exe

PRC - [2009.08.07 05:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe

PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

PRC - [2008.06.14 01:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMCONFIG.exe

PRC - [2008.05.30 01:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\StartAutorun.exe

PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.06.13 13:58:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll

MOD - [2012.06.13 13:58:29 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll

MOD - [2012.06.13 13:57:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012.06.13 13:57:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012.05.10 16:09:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

MOD - [2012.05.10 15:51:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012.05.10 15:51:00 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll

MOD - [2012.05.10 15:50:58 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll

MOD - [2012.05.10 15:49:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll

MOD - [2012.05.10 15:49:01 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll

MOD - [2012.05.10 15:48:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012.05.10 15:48:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012.05.10 15:48:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012.05.10 15:48:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011.10.04 04:04:00 | 000,054,784 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL

MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2011.05.22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll

MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll

MOD - [2008.06.16 09:06:10 | 000,053,248 | ---- | M] () -- C:\Programme\Mouse Driver\MouseHook.dll

MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Programme\Mouse Driver\keydll.dll

MOD - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.07.28 09:26:39 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012.07.11 11:09:33 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)

SRV - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011.10.04 04:04:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)

SRV - [2011.10.04 04:04:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)

SRV - [2011.10.04 04:04:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011.07.11 18:17:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)

SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)

SRV - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)

SRV - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.06.06 15:54:40 | 000,017,328 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\easytthr.sys -- (easytether)

DRV - [2012.05.08 17:51:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.08 17:51:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.10.04 04:04:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)

DRV - [2011.10.04 04:04:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)

DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011.06.24 11:49:30 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)

DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)

DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)

DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV - [2011.01.13 14:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)

DRV - [2011.01.13 14:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)

DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)

DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010.09.27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2010.06.14 12:37:56 | 000,194,048 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)

DRV - [2010.06.14 12:37:56 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)

DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)

DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009.10.09 15:55:34 | 000,022,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)

DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.09.10 15:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2009.08.21 13:59:22 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)

DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2009.03.13 14:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)

DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)

DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 

IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 67 B5 6F 84 4F CD 01  [binary data]

IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 09:57:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions

[2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.08.09 17:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions

[2012.08.09 17:52:07 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

[2011.08.29 16:40:17 | 000,004,140 | ---- | M] () -- C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\searchplugins\youtube.xml

[2012.06.07 22:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.11.25 14:30:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.07.28 09:26:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.05.07 15:45:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.05.07 15:45:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.05.07 15:45:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.05.07 15:45:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.05.07 15:45:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.05.07 15:45:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)

O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found

O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)

O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)

O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()

O4 - HKLM..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found

O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r  /c "C:\Program Files\CheckPoint\Install\Install.xml" File not found

O4 - HKU\S-1-5-21-742040360-1056019599-3321883329-1001..\Run: [Akamai NetSession Interface] C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://79.218.13.129:1080/RtspVaPgDec.cab (RtspVaPgCtrl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.102.158 80.69.100.102

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C96CAC45-EEC0-4585-A1EB-2DCC65662880}: NameServer = 10.11.230.3 10.11.230.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFF33C90-831A-4D4F-97B0-BE113A118823}: DhcpNameServer = 80.69.102.158 80.69.100.102

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun

O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun

O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: Sharedaccess -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: wuauserv -  File not found

NetSvcs: BITS -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: EasyTether - hkey= - key= - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)

MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: BFE - Service

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MPSSvc - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: SharedAccess -  File not found

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.20 22:06:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe

[2012.08.19 18:53:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.08.15 09:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.08.14 16:33:19 | 000,000,000 | ---D | C] -- C:\Users\Laney\AppData\Roaming\Malwarebytes

[2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.08.14 16:33:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.08.14 16:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.08.13 19:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E

[2012.08.07 20:26:48 | 000,000,000 | ---D | C] -- C:\Users\Laney\temp

[2012.07.24 18:17:22 | 000,000,000 | ---D | C] -- C:\Snag_India_2

[2012.07.22 12:53:35 | 000,000,000 | ---D | C] -- C:\Snag_India_Tables

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.20 22:06:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe

[2012.08.20 21:50:20 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.08.20 21:50:20 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.08.20 21:50:18 | 006,302,574 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.08.20 21:50:18 | 002,318,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.08.20 21:50:18 | 001,937,086 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.08.20 21:50:18 | 001,735,472 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.08.20 21:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.08.20 21:42:45 | 1577,803,776 | -HS- | M] () -- C:\hiberfil.sys

[2012.08.19 14:48:51 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2012.08.18 12:00:00 | 000,618,227 | ---- | M] () -- C:\Users\Laney\Desktop\adwcleaner.exe

[2012.08.15 12:46:59 | 000,302,592 | ---- | M] () -- C:\Users\Laney\Desktop\0hn0jums.exe

[2012.08.15 12:34:57 | 000,000,000 | ---- | M] () -- C:\Users\Laney\defogger_reenable

[2012.08.14 07:19:36 | 000,414,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.07.31 20:54:22 | 025,784,346 | ---- | M] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf

 
 ========== Files Created - No Company Name ==========

 

[2012.08.18 11:59:55 | 000,618,227 | ---- | C] () -- C:\Users\Laney\Desktop\adwcleaner.exe

[2012.08.15 12:46:58 | 000,302,592 | ---- | C] () -- C:\Users\Laney\Desktop\0hn0jums.exe

[2012.08.15 12:34:57 | 000,000,000 | ---- | C] () -- C:\Users\Laney\defogger_reenable

[2012.07.31 20:54:18 | 025,784,346 | ---- | C] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf

[2012.04.06 16:15:01 | 000,000,175 | ---- | C] () -- C:\Windows\ODBC.INI

[2012.02.11 23:20:57 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll

[2012.02.11 23:20:57 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll

[2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@

[2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@

[2011.11.16 12:57:56 | 000,001,458 | ---- | C] () -- C:\Users\Laney\.recently-used.xbel

[2011.06.24 14:27:49 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011.06.24 14:25:07 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7030.dat

[2011.06.24 14:23:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL

[2011.06.24 14:23:34 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI

[2011.06.24 13:14:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.06.24 12:24:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

[2011.06.24 12:24:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe

[2011.06.24 10:13:31 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2010.09.27 13:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[2010.06.15 13:20:14 | 000,157,470 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

 
 ========== LOP Check ==========

 

[2011.10.28 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\.ProjectViewer

[2012.07.07 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Amazon

[2012.06.24 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\CheckPoint

[2011.09.29 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1

[2012.08.14 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Dropbox

[2012.01.23 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FileZilla

[2011.10.27 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\GetRightToGo

[2011.11.16 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\gtk-2.0

[2012.07.01 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Jumping Bytes

[2012.06.21 18:56:27 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\MyPhoneExplorer

[2011.10.28 08:55:36 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PDF Writer

[2011.11.11 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PwrMgr

[2012.06.21 18:37:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Sony

[2011.06.25 15:37:00 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\TeamViewer

[2011.06.24 10:43:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Thunderbird

[2011.12.18 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Tracker Software

[2011.07.12 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Vodafone

[2012.04.28 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\{7AA05F48-9B52-4244-B296-F505ACBC5FD9}

[2012.02.20 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\CheckPoint

[2012.02.20 22:35:20 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\PwrMgr

[2012.02.20 19:02:25 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\Vodafone

[2012.08.09 20:44:15 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.10.28 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\.ProjectViewer

[2012.02.20 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Adobe

[2012.07.07 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Amazon

[2012.04.25 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Avira

[2011.06.28 15:04:21 | 000,000,000 | R--D | M] -- C:\Users\Laney\AppData\Roaming\Brother

[2012.06.24 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\CheckPoint

[2011.09.29 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1

[2012.08.14 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Dropbox

[2012.08.18 10:00:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\dvdcss

[2012.01.23 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FileZilla

[2011.07.12 08:57:45 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FLEXnet

[2011.10.27 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\GetRightToGo

[2011.11.16 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\gtk-2.0

[2011.06.24 10:08:47 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Identities

[2011.06.24 14:22:45 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\InstallShield

[2012.07.01 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Jumping Bytes

[2012.02.17 11:08:05 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Macromedia

[2012.08.14 16:33:19 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Malwarebytes

[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Media Center Programs

[2012.07.11 12:31:02 | 000,000,000 | --SD | M] -- C:\Users\Laney\AppData\Roaming\Microsoft

[2011.06.24 10:17:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Mozilla

[2012.06.21 18:56:27 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\MyPhoneExplorer

[2011.10.28 08:55:36 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PDF Writer

[2011.11.11 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PwrMgr

[2012.07.28 22:19:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Skype

[2012.06.21 18:37:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Sony

[2011.06.25 15:37:00 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\TeamViewer

[2011.06.24 10:43:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Thunderbird

[2011.12.18 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Tracker Software

[2012.03.30 12:43:59 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\vlc

[2011.07.12 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Vodafone

[2011.09.13 22:19:18 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\WinRAR

[2012.04.28 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\{7AA05F48-9B52-4244-B296-F505ACBC5FD9}

 
 < %APPDATA%\*.exe /s >

[2012.06.14 04:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Laney\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.06.14 04:09:00 | 000,874,440 | ---- | M] (Dropbox, Inc.) -- C:\Users\Laney\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012.06.14 04:09:06 | 000,181,776 | ---- | M] (Dropbox, Inc.) -- C:\Users\Laney\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2011.11.11 16:44:36 | 000,010,134 | R--- | M] () -- C:\Users\Laney\AppData\Roaming\Microsoft\Installer\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\DRIVERS\WIN\Turbomem\DRV\Winall\Driver\IaStor.sys

[2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys

[2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1e7c6170b79c26b\iaStor.sys

[2009.08.07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\DRIVERS\WIN\Turbomem\DRV\Winall\Driver64\IaStor.sys

[2009.08.07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Vielen Dank für die Hilfe,
Laney

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

FF - user.js - File not found

O3 - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun

O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun

O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe

:Files

C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E

C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L

C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L

C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U

C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U

C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n

C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n

C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@

C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo,

vielen Dank, hier die Log-Datei:

Code:

All processes killed

========== OTL ==========

HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae303-b769-11e0-b578-001d7284404f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae303-b769-11e0-b578-001d7284404f}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae30a-b769-11e0-b578-001d7284404f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae30a-b769-11e0-b578-001d7284404f}\ not found.

File E:\AutoRun.exe not found.

========== FILES ==========

C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E folder moved successfully.

C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L folder moved successfully.

C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L folder moved successfully.

C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U folder moved successfully.

C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U folder moved successfully.

File\Folder C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n not found.

File\Folder C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n not found.

C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@ moved successfully.

C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@ moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Laney

->Temp folder emptied: 210015949 bytes

->Temporary Internet Files folder emptied: 68690827 bytes

->Java cache emptied: 1084735 bytes

->FireFox cache emptied: 391159200 bytes

->Flash cache emptied: 66969 bytes

 

User: Public

 

User: Sicherheit

->Temp folder emptied: 1256988 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 56468 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 389520749 bytes

RecycleBin emptied: 244339496 bytes

 

Total Files Cleaned = 1.246,00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Laney

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Sicherheit

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.58.1 log created on 08212012_164033
 

Files\Folders moved on Reboot...
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Schönen Urlaub,
Laney

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hi!
Ich hoffe, Dein Urlaub war schön.
Vielen Dank für die Hilfe!
Hier die Log-Datei vom TDSSKiller:

Code:

15:42:28.0493 3752  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

15:42:28.0556 3752  ============================================================

15:42:28.0556 3752  Current date / time: 2012/08/30 15:42:28.0556

15:42:28.0556 3752  SystemInfo:

15:42:28.0556 3752  

15:42:28.0556 3752  OS Version: 6.1.7601 ServicePack: 1.0

15:42:28.0556 3752  Product type: Workstation

15:42:28.0556 3752  ComputerName: TORNADO

15:42:28.0571 3752  UserName: Laney

15:42:28.0571 3752  Windows directory: C:\Windows

15:42:28.0571 3752  System windows directory: C:\Windows

15:42:28.0571 3752  Processor architecture: Intel x86

15:42:28.0571 3752  Number of processors: 2

15:42:28.0571 3752  Page size: 0x1000

15:42:28.0571 3752  Boot type: Normal boot

15:42:28.0571 3752  ============================================================

15:42:28.0946 3752  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

15:42:28.0961 3752  ============================================================

15:42:28.0961 3752  \Device\Harddisk1\DR1:

15:42:28.0961 3752  MBR partitions:

15:42:28.0961 3752  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x99A000, BlocksNum 0x1207F000

15:42:28.0961 3752  ============================================================

15:42:28.0961 3752  C: <-> \Device\Harddisk1\DR1\Partition1

15:42:28.0961 3752  ============================================================

15:42:28.0961 3752  Initialize success

15:42:28.0961 3752  ============================================================

15:43:36.0213 5292  ============================================================

15:43:36.0213 5292  Scan started

15:43:36.0213 5292  Mode: Manual; SigCheck; TDLFS; 

15:43:36.0213 5292  ============================================================

15:43:36.0993 5292  ================ Scan services =============================

15:43:37.0055 5292  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

15:43:37.0180 5292  1394ohci - ok

15:43:37.0196 5292  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

15:43:37.0211 5292  ACPI - ok

15:43:37.0227 5292  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

15:43:37.0274 5292  AcpiPmi - ok

15:43:37.0289 5292  [ 6C61BCEB60C2C187E6F96001FD69493E ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys

15:43:37.0352 5292  ADIHdAudAddService - ok

15:43:37.0367 5292  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

15:43:37.0367 5292  AdobeARMservice - ok

15:43:37.0430 5292  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys

15:43:37.0445 5292  adp94xx - ok

15:43:37.0461 5292  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys

15:43:37.0476 5292  adpahci - ok

15:43:37.0508 5292  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys

15:43:37.0523 5292  adpu320 - ok

15:43:37.0523 5292  [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE

15:43:37.0554 5292  AEADIFilters - ok

15:43:37.0554 5292  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

15:43:37.0586 5292  AeLookupSvc - ok

15:43:37.0617 5292  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys

15:43:37.0664 5292  AFD - ok

15:43:37.0679 5292  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys

15:43:37.0695 5292  agp440 - ok

15:43:37.0710 5292  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys

15:43:37.0726 5292  aic78xx - ok

15:43:37.0960 5292  [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai          c:\program files\common files\akamai/netsession_win_4f7fccd.dll

15:43:37.0960 5292  Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22

15:43:37.0976 5292  Akamai ( HiddenFile.Multi.Generic ) - warning

15:43:37.0976 5292  Akamai - detected HiddenFile.Multi.Generic (1)

15:43:37.0991 5292  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe

15:43:38.0022 5292  ALG - ok

15:43:38.0038 5292  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys

15:43:38.0054 5292  aliide - ok

15:43:38.0085 5292  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

15:43:38.0100 5292  amdagp - ok

15:43:38.0116 5292  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys

15:43:38.0116 5292  amdide - ok

15:43:38.0147 5292  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys

15:43:38.0178 5292  AmdK8 - ok

15:43:38.0194 5292  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys

15:43:38.0241 5292  AmdPPM - ok

15:43:38.0256 5292  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys

15:43:38.0272 5292  amdsata - ok

15:43:38.0288 5292  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys

15:43:38.0303 5292  amdsbs - ok

15:43:38.0303 5292  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

15:43:38.0319 5292  amdxata - ok

15:43:38.0350 5292  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys

15:43:38.0444 5292  androidusb - ok

15:43:38.0459 5292  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe

15:43:38.0459 5292  AntiVirSchedulerService - ok

15:43:38.0475 5292  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe

15:43:38.0475 5292  AntiVirService - ok

15:43:38.0506 5292  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys

15:43:38.0646 5292  AppID - ok

15:43:38.0678 5292  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

15:43:38.0709 5292  AppIDSvc - ok

15:43:38.0724 5292  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll

15:43:38.0756 5292  Appinfo - ok

15:43:38.0771 5292  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll

15:43:38.0802 5292  AppMgmt - ok

15:43:38.0834 5292  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys

15:43:38.0849 5292  arc - ok

15:43:38.0865 5292  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys

15:43:38.0865 5292  arcsas - ok

15:43:38.0880 5292  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

15:43:39.0005 5292  AsyncMac - ok

15:43:39.0005 5292  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys

15:43:39.0021 5292  atapi - ok

15:43:39.0052 5292  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

15:43:39.0099 5292  AudioEndpointBuilder - ok

15:43:39.0114 5292  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll

15:43:39.0146 5292  Audiosrv - ok

15:43:39.0161 5292  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys

15:43:39.0177 5292  avgntflt - ok

15:43:39.0177 5292  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys

15:43:39.0192 5292  avipbb - ok

15:43:39.0208 5292  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys

15:43:39.0208 5292  avkmgr - ok

15:43:39.0224 5292  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll

15:43:39.0255 5292  AxInstSV - ok

15:43:39.0302 5292  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys

15:43:39.0348 5292  b06bdrv - ok

15:43:39.0380 5292  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys

15:43:39.0395 5292  b57nd60x - ok

15:43:39.0411 5292  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll

15:43:39.0442 5292  BDESVC - ok

15:43:39.0442 5292  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys

15:43:39.0473 5292  Beep - ok

15:43:39.0473 5292  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

15:43:39.0504 5292  blbdrive - ok

15:43:39.0504 5292  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

15:43:39.0551 5292  bowser - ok

15:43:39.0567 5292  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:43:39.0629 5292  BrFiltLo - ok

15:43:39.0645 5292  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:43:39.0676 5292  BrFiltUp - ok

15:43:39.0676 5292  [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser         C:\Windows\System32\browser.dll

15:43:39.0738 5292  Browser - ok

15:43:39.0754 5292  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

15:43:39.0785 5292  Brserid - ok

15:43:39.0801 5292  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

15:43:39.0832 5292  BrSerWdm - ok

15:43:39.0832 5292  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

15:43:39.0863 5292  BrUsbMdm - ok

15:43:39.0863 5292  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

15:43:39.0894 5292  BrUsbSer - ok

15:43:39.0926 5292  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys

15:43:39.0941 5292  BthEnum - ok

15:43:39.0957 5292  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

15:43:39.0988 5292  BTHMODEM - ok

15:43:40.0019 5292  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys

15:43:40.0035 5292  BthPan - ok

15:43:40.0082 5292  [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys

15:43:40.0113 5292  BTHPORT - ok

15:43:40.0128 5292  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll

15:43:40.0191 5292  bthserv - ok

15:43:40.0206 5292  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys

15:43:40.0238 5292  BTHUSB - ok

15:43:40.0253 5292  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

15:43:40.0300 5292  cdfs - ok

15:43:40.0300 5292  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

15:43:40.0331 5292  cdrom - ok

15:43:40.0347 5292  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll

15:43:40.0378 5292  CertPropSvc - ok

15:43:40.0409 5292  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

15:43:40.0425 5292  circlass - ok

15:43:40.0425 5292  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys

15:43:40.0440 5292  CLFS - ok

15:43:40.0472 5292  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:43:40.0487 5292  clr_optimization_v2.0.50727_32 - ok

15:43:40.0518 5292  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:43:40.0534 5292  clr_optimization_v4.0.30319_32 - ok

15:43:40.0534 5292  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

15:43:40.0550 5292  CmBatt - ok

15:43:40.0565 5292  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys

15:43:40.0581 5292  cmdide - ok

15:43:40.0596 5292  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys

15:43:40.0628 5292  CNG - ok

15:43:40.0628 5292  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

15:43:40.0643 5292  Compbatt - ok

15:43:40.0659 5292  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

15:43:40.0674 5292  CompositeBus - ok

15:43:40.0690 5292  COMSysApp - ok

15:43:40.0706 5292  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys

15:43:40.0706 5292  crcdisk - ok

15:43:40.0737 5292  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll

15:43:40.0768 5292  CryptSvc - ok

15:43:40.0784 5292  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys

15:43:40.0846 5292  CSC - ok

15:43:40.0877 5292  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll

15:43:40.0908 5292  CscService - ok

15:43:40.0940 5292  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys

15:43:40.0955 5292  CVirtA - ok

15:43:41.0033 5292  [ 30443EEF52F5FB043654859EAA8E5247 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

15:43:41.0080 5292  CVPND - ok

15:43:41.0096 5292  [ CB90B2762B1A1D0B40496400C55B6ADE ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys

15:43:41.0127 5292  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

15:43:41.0127 5292  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

15:43:41.0158 5292  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll

15:43:41.0189 5292  DcomLaunch - ok

15:43:41.0205 5292  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll

15:43:41.0236 5292  defragsvc - ok

15:43:41.0252 5292  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

15:43:41.0283 5292  DfsC - ok

15:43:41.0298 5292  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll

15:43:41.0345 5292  Dhcp - ok

15:43:41.0345 5292  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys

15:43:41.0376 5292  discache - ok

15:43:41.0392 5292  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys

15:43:41.0408 5292  Disk - ok

15:43:41.0408 5292  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys

15:43:41.0423 5292  DNE - ok

15:43:41.0423 5292  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

15:43:41.0454 5292  Dnscache - ok

15:43:41.0470 5292  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll

15:43:41.0501 5292  dot3svc - ok

15:43:41.0517 5292  [ 6D279BB0DE1D8E34F454E1B353F4D738 ] DozeHDD         C:\Windows\system32\DRIVERS\DozeHDD.sys

15:43:41.0517 5292  DozeHDD - ok

15:43:41.0548 5292  [ 01E2180C3D72CB0ADCC43FB83D18942A ] DozeSvc         C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

15:43:41.0564 5292  DozeSvc - ok

15:43:41.0579 5292  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll

15:43:41.0626 5292  DPS - ok

15:43:41.0642 5292  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

15:43:41.0673 5292  drmkaud - ok

15:43:41.0704 5292  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

15:43:41.0735 5292  DXGKrnl - ok

15:43:41.0751 5292  [ CF0A6015F437161698C5B2A0A12CF052 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys

15:43:41.0782 5292  e1express - ok

15:43:41.0782 5292  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll

15:43:41.0813 5292  EapHost - ok

15:43:41.0829 5292  [ 312B74DC21C0EE503905740852DAE28B ] easytether      C:\Windows\system32\DRIVERS\easytthr.sys

15:43:41.0829 5292  easytether - ok

15:43:41.0954 5292  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys

15:43:42.0110 5292  ebdrv - ok

15:43:42.0110 5292  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe

15:43:42.0141 5292  EFS - ok

15:43:42.0172 5292  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

15:43:42.0203 5292  ehRecvr - ok

15:43:42.0234 5292  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe

15:43:42.0250 5292  ehSched - ok

15:43:42.0281 5292  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys

15:43:42.0297 5292  elxstor - ok

15:43:42.0328 5292  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

15:43:42.0344 5292  ErrDev - ok

15:43:42.0375 5292  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll

15:43:42.0422 5292  EventSystem - ok

15:43:42.0453 5292  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys

15:43:42.0484 5292  exfat - ok

15:43:42.0515 5292  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

15:43:42.0562 5292  fastfat - ok

15:43:42.0593 5292  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe

15:43:42.0640 5292  Fax - ok

15:43:42.0656 5292  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

15:43:42.0656 5292  fdc - ok

15:43:42.0687 5292  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll

15:43:42.0718 5292  fdPHost - ok

15:43:42.0718 5292  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll

15:43:42.0749 5292  FDResPub - ok

15:43:42.0749 5292  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

15:43:42.0765 5292  FileInfo - ok

15:43:42.0780 5292  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

15:43:42.0812 5292  Filetrace - ok

15:43:42.0827 5292  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

15:43:42.0843 5292  flpydisk - ok

15:43:42.0858 5292  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

15:43:42.0874 5292  FltMgr - ok

15:43:42.0921 5292  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll

15:43:42.0952 5292  FontCache - ok

15:43:42.0968 5292  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

15:43:42.0968 5292  FontCache3.0.0.0 - ok

15:43:42.0983 5292  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

15:43:42.0999 5292  FsDepends - ok

15:43:42.0999 5292  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

15:43:43.0014 5292  Fs_Rec - ok

15:43:43.0030 5292  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

15:43:43.0046 5292  fvevol - ok

15:43:43.0077 5292  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys

15:43:43.0077 5292  gagp30kx - ok

15:43:43.0108 5292  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll

15:43:43.0155 5292  gpsvc - ok

15:43:43.0170 5292  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

15:43:43.0202 5292  hcw85cir - ok

15:43:43.0233 5292  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

15:43:43.0248 5292  HdAudAddService - ok

15:43:43.0264 5292  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

15:43:43.0295 5292  HDAudBus - ok

15:43:43.0311 5292  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys

15:43:43.0326 5292  HidBatt - ok

15:43:43.0342 5292  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys

15:43:43.0373 5292  HidBth - ok

15:43:43.0389 5292  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

15:43:43.0420 5292  HidIr - ok

15:43:43.0420 5292  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll

15:43:43.0436 5292  hidserv - ok

15:43:43.0482 5292  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

15:43:43.0482 5292  HidUsb - ok

15:43:43.0498 5292  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll

15:43:43.0529 5292  hkmsvc - ok

15:43:43.0560 5292  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

15:43:43.0592 5292  HomeGroupListener - ok

15:43:43.0623 5292  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

15:43:43.0638 5292  HomeGroupProvider - ok

15:43:43.0670 5292  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

15:43:43.0685 5292  HpSAMD - ok

15:43:43.0716 5292  [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys

15:43:43.0794 5292  HSF_DPV - ok

15:43:43.0810 5292  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys

15:43:43.0826 5292  HSXHWAZL - ok

15:43:43.0857 5292  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

15:43:43.0888 5292  HTTP - ok

15:43:43.0919 5292  [ 988C0A49F09D75D3341CB419141793C1 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys

15:43:43.0935 5292  hwdatacard - ok

15:43:43.0950 5292  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

15:43:43.0950 5292  hwpolicy - ok

15:43:43.0982 5292  [ A259D3619AA23D4562581067F85E2006 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys

15:43:43.0997 5292  hwusbdev - ok

15:43:44.0013 5292  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

15:43:44.0028 5292  i8042prt - ok

15:43:44.0044 5292  [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

15:43:44.0060 5292  IAANTMON - ok

15:43:44.0075 5292  [ D0310C79C5A9D42B96E37C5C510C6A5C ] iaNvStor        C:\Windows\system32\DRIVERS\iaNvStor.sys

15:43:44.0091 5292  iaNvStor - ok

15:43:44.0106 5292  [ 01446278D4563B3013C92830AE6CBB26 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys

15:43:44.0122 5292  iaStor - ok

15:43:44.0138 5292  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

15:43:44.0153 5292  iaStorV - ok

15:43:44.0153 5292  [ BF648877413F6160E480814A24942B65 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys

15:43:44.0169 5292  IBMPMDRV - ok

15:43:44.0184 5292  [ A75CE11915E4ECC5E1597D6E0F7BB2DB ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe

15:43:44.0184 5292  IBMPMSVC - ok

15:43:44.0247 5292  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:43:44.0278 5292  idsvc - ok

15:43:44.0450 5292  [ 1F50623259DF354776DF04C56504A2D7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys

15:43:44.0684 5292  igfx - ok

15:43:44.0699 5292  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys

15:43:44.0699 5292  iirsp - ok

15:43:44.0730 5292  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll

15:43:44.0777 5292  IKEEXT - ok

15:43:44.0793 5292  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys

15:43:44.0793 5292  intelide - ok

15:43:44.0808 5292  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

15:43:44.0824 5292  intelppm - ok

15:43:44.0840 5292  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

15:43:44.0886 5292  IPBusEnum - ok

15:43:44.0886 5292  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:43:44.0933 5292  IpFilterDriver - ok

15:43:44.0949 5292  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

15:43:44.0964 5292  IPMIDRV - ok

15:43:44.0980 5292  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

15:43:45.0011 5292  IPNAT - ok

15:43:45.0027 5292  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys

15:43:45.0089 5292  IRENUM - ok

15:43:45.0105 5292  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

15:43:45.0105 5292  isapnp - ok

15:43:45.0120 5292  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

15:43:45.0136 5292  iScsiPrt - ok

15:43:45.0152 5292  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

15:43:45.0167 5292  kbdclass - ok

15:43:45.0167 5292  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

15:43:45.0198 5292  kbdhid - ok

15:43:45.0198 5292  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe

15:43:45.0214 5292  KeyIso - ok

15:43:45.0245 5292  [ EC97BE0D539597965BE5A8DABBD67BD9 ] KMWDFILTERx86   C:\Windows\system32\DRIVERS\KMWDFILTER.sys

15:43:45.0261 5292  KMWDFILTERx86 - ok

15:43:45.0339 5292  [ 37C4748910241C745FEA5A8D3059543C ] KMWDSERVICE     C:\Program Files\Mouse Driver\KMWDSrv.exe

15:43:45.0417 5292  KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning

15:43:45.0417 5292  KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)

15:43:45.0417 5292  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

15:43:45.0432 5292  KSecDD - ok

15:43:45.0448 5292  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

15:43:45.0464 5292  KSecPkg - ok

15:43:45.0495 5292  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll

15:43:45.0557 5292  KtmRm - ok

15:43:45.0573 5292  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll

15:43:45.0604 5292  LanmanServer - ok

15:43:45.0604 5292  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

15:43:45.0635 5292  LanmanWorkstation - ok

15:43:45.0651 5292  [ FCE735941DA27929DBFC1918F286FFD8 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

15:43:45.0666 5292  LENOVO.MICMUTE - ok

15:43:45.0666 5292  [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi      C:\Windows\system32\DRIVERS\smiif32.sys

15:43:45.0666 5292  lenovo.smi - ok

15:43:45.0682 5292  [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

15:43:45.0682 5292  Lenovo.VIRTSCRLSVC - ok

15:43:45.0698 5292  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

15:43:45.0729 5292  lltdio - ok

15:43:45.0744 5292  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

15:43:45.0776 5292  lltdsvc - ok

15:43:45.0791 5292  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll

15:43:45.0822 5292  lmhosts - ok

15:43:45.0854 5292  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

15:43:45.0854 5292  LSI_FC - ok

15:43:45.0869 5292  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

15:43:45.0885 5292  LSI_SAS - ok

15:43:45.0900 5292  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:43:45.0916 5292  LSI_SAS2 - ok

15:43:45.0932 5292  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:43:45.0947 5292  LSI_SCSI - ok

15:43:45.0947 5292  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys

15:43:45.0978 5292  luafv - ok

15:43:46.0010 5292  [ 8D9C68FA8B7FBE0E225BDE0BBCD8CE9B ] massfilter      C:\Windows\system32\DRIVERS\massfilter.sys

15:43:46.0025 5292  massfilter - ok

15:43:46.0041 5292  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

15:43:46.0056 5292  Mcx2Svc - ok

15:43:46.0072 5292  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys

15:43:46.0088 5292  mdmxsdk - ok

15:43:46.0103 5292  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

15:43:46.0119 5292  megasas - ok

15:43:46.0150 5292  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

15:43:46.0166 5292  MegaSR - ok

15:43:46.0197 5292  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

15:43:46.0197 5292  Microsoft Office Groove Audit Service - ok

15:43:46.0212 5292  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll

15:43:46.0244 5292  MMCSS - ok

15:43:46.0244 5292  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys

15:43:46.0290 5292  Modem - ok

15:43:46.0290 5292  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

15:43:46.0306 5292  monitor - ok

15:43:46.0322 5292  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

15:43:46.0322 5292  mouclass - ok

15:43:46.0353 5292  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

15:43:46.0368 5292  mouhid - ok

15:43:46.0384 5292  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

15:43:46.0400 5292  mountmgr - ok

15:43:46.0446 5292  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

15:43:46.0446 5292  MozillaMaintenance - ok

15:43:46.0478 5292  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys

15:43:46.0493 5292  mpio - ok

15:43:46.0524 5292  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

15:43:46.0571 5292  mpsdrv - ok

15:43:46.0602 5292  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

15:43:46.0618 5292  MRxDAV - ok

15:43:46.0634 5292  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

15:43:46.0665 5292  mrxsmb - ok

15:43:46.0680 5292  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:43:46.0712 5292  mrxsmb10 - ok

15:43:46.0727 5292  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:43:46.0743 5292  mrxsmb20 - ok

15:43:46.0743 5292  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys

15:43:46.0758 5292  msahci - ok

15:43:46.0774 5292  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

15:43:46.0790 5292  msdsm - ok

15:43:46.0805 5292  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe

15:43:46.0821 5292  MSDTC - ok

15:43:46.0836 5292  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys

15:43:46.0852 5292  Msfs - ok

15:43:46.0868 5292  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

15:43:46.0914 5292  mshidkmdf - ok

15:43:46.0914 5292  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

15:43:46.0930 5292  msisadrv - ok

15:43:46.0946 5292  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

15:43:46.0977 5292  MSiSCSI - ok

15:43:46.0992 5292  msiserver - ok

15:43:47.0008 5292  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

15:43:47.0039 5292  MSKSSRV - ok

15:43:47.0055 5292  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

15:43:47.0086 5292  MSPCLOCK - ok

15:43:47.0086 5292  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

15:43:47.0133 5292  MSPQM - ok

15:43:47.0133 5292  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

15:43:47.0148 5292  MsRPC - ok

15:43:47.0164 5292  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

15:43:47.0180 5292  mssmbios - ok

15:43:47.0195 5292  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

15:43:47.0211 5292  MSTEE - ok

15:43:47.0226 5292  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

15:43:47.0242 5292  MTConfig - ok

15:43:47.0242 5292  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys

15:43:47.0258 5292  Mup - ok

15:43:47.0273 5292  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll

15:43:47.0320 5292  napagent - ok

15:43:47.0336 5292  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

15:43:47.0351 5292  NativeWifiP - ok

15:43:47.0382 5292  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys

15:43:47.0414 5292  NDIS - ok

15:43:47.0476 5292  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

15:43:47.0507 5292  NdisCap - ok

15:43:47.0507 5292  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

15:43:47.0538 5292  NdisTapi - ok

15:43:47.0554 5292  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

15:43:47.0570 5292  Ndisuio - ok

15:43:47.0585 5292  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

15:43:47.0616 5292  NdisWan - ok

15:43:47.0616 5292  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

15:43:47.0648 5292  NDProxy - ok

15:43:47.0648 5292  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

15:43:47.0679 5292  NetBIOS - ok

15:43:47.0694 5292  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

15:43:47.0741 5292  NetBT - ok

15:43:47.0741 5292  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe

15:43:47.0757 5292  Netlogon - ok

15:43:47.0772 5292  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll

15:43:47.0804 5292  Netman - ok

15:43:47.0819 5292  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll

15:43:47.0866 5292  netprofm - ok

15:43:47.0897 5292  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:43:47.0897 5292  NetTcpPortSharing - ok

15:43:48.0038 5292  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys

15:43:48.0256 5292  netw5v32 - ok

15:43:48.0272 5292  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

15:43:48.0287 5292  nfrd960 - ok

15:43:48.0303 5292  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll

15:43:48.0334 5292  NlaSvc - ok

15:43:48.0350 5292  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys

15:43:48.0381 5292  Npfs - ok

15:43:48.0381 5292  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll

15:43:48.0412 5292  nsi - ok

15:43:48.0412 5292  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

15:43:48.0443 5292  nsiproxy - ok

15:43:48.0490 5292  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

15:43:48.0537 5292  Ntfs - ok

15:43:48.0552 5292  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys

15:43:48.0771 5292  Null - ok

15:43:48.0818 5292  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

15:43:48.0818 5292  nvraid - ok

15:43:48.0864 5292  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

15:43:48.0864 5292  nvstor - ok

15:43:48.0880 5292  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

15:43:48.0896 5292  nv_agp - ok

15:43:48.0927 5292  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:43:48.0942 5292  odserv - ok

15:43:48.0974 5292  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

15:43:49.0005 5292  ohci1394 - ok

15:43:49.0020 5292  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:43:49.0036 5292  ose - ok

15:43:49.0067 5292  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

15:43:49.0098 5292  p2pimsvc - ok

15:43:49.0114 5292  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll

15:43:49.0145 5292  p2psvc - ok

15:43:49.0145 5292  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys

15:43:49.0176 5292  Parport - ok

15:43:49.0176 5292  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys

15:43:49.0192 5292  partmgr - ok

15:43:49.0208 5292  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys

15:43:49.0239 5292  Parvdm - ok

15:43:49.0254 5292  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll

15:43:49.0270 5292  PcaSvc - ok

15:43:49.0270 5292  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys

15:43:49.0286 5292  pci - ok

15:43:49.0317 5292  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys

15:43:49.0317 5292  pciide - ok

15:43:49.0332 5292  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

15:43:49.0348 5292  pcmcia - ok

15:43:49.0364 5292  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys

15:43:49.0364 5292  pcw - ok

15:43:49.0395 5292  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

15:43:49.0488 5292  PEAUTH - ok

15:43:49.0535 5292  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll

15:43:49.0566 5292  PeerDistSvc - ok

15:43:49.0629 5292  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll

15:43:49.0707 5292  pla - ok

15:43:49.0722 5292  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

15:43:49.0754 5292  PlugPlay - ok

15:43:49.0769 5292  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

15:43:49.0785 5292  PNRPAutoReg - ok

15:43:49.0816 5292  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

15:43:49.0832 5292  PNRPsvc - ok

15:43:49.0863 5292  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

15:43:49.0910 5292  PolicyAgent - ok

15:43:49.0910 5292  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll

15:43:49.0941 5292  Power - ok

15:43:49.0972 5292  [ 836FE79DE8767D77136B6491A3D61089 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

15:43:49.0988 5292  Power Manager DBC Service - ok

15:43:49.0988 5292  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

15:43:50.0019 5292  PptpMiniport - ok

15:43:50.0050 5292  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys

15:43:50.0066 5292  Processor - ok

15:43:50.0112 5292  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll

15:43:50.0128 5292  ProfSvc - ok

15:43:50.0144 5292  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

15:43:50.0159 5292  ProtectedStorage - ok

15:43:50.0159 5292  [ 06F82545E04EBF113B1C2C1C9F766D81 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys

15:43:50.0175 5292  psadd - ok

15:43:50.0175 5292  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

15:43:50.0206 5292  Psched - ok

15:43:50.0222 5292  [ 576444157F1CB25AE2057EED586D4889 ] PwmEWSvc        C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE

15:43:50.0237 5292  PwmEWSvc - ok

15:43:50.0300 5292  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

15:43:50.0378 5292  ql2300 - ok

15:43:50.0378 5292  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

15:43:50.0393 5292  ql40xx - ok

15:43:50.0409 5292  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll

15:43:50.0440 5292  QWAVE - ok

15:43:50.0471 5292  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

15:43:50.0487 5292  QWAVEdrv - ok

15:43:50.0502 5292  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

15:43:50.0534 5292  RasAcd - ok

15:43:50.0534 5292  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

15:43:50.0580 5292  RasAgileVpn - ok

15:43:50.0596 5292  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll

15:43:50.0612 5292  RasAuto - ok

15:43:50.0627 5292  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

15:43:50.0658 5292  Rasl2tp - ok

15:43:50.0690 5292  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll

15:43:50.0721 5292  RasMan - ok

15:43:50.0721 5292  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

15:43:50.0752 5292  RasPppoe - ok

15:43:50.0752 5292  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

15:43:50.0799 5292  RasSstp - ok

15:43:50.0814 5292  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

15:43:50.0846 5292  rdbss - ok

15:43:50.0846 5292  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

15:43:50.0877 5292  rdpbus - ok

15:43:50.0877 5292  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

15:43:50.0924 5292  RDPCDD - ok

15:43:50.0955 5292  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys

15:43:50.0970 5292  RDPDR - ok

15:43:50.0970 5292  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

15:43:51.0017 5292  RDPENCDD - ok

15:43:51.0017 5292  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

15:43:51.0064 5292  RDPREFMP - ok

15:43:51.0095 5292  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

15:43:51.0126 5292  RDPWD - ok

15:43:51.0126 5292  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

15:43:51.0158 5292  rdyboost - ok

15:43:51.0173 5292  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll

15:43:51.0205 5292  RemoteAccess - ok

15:43:51.0220 5292  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

15:43:51.0251 5292  RemoteRegistry - ok

15:43:51.0267 5292  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys

15:43:51.0283 5292  RFCOMM - ok

15:43:51.0298 5292  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

15:43:51.0329 5292  RpcEptMapper - ok

15:43:51.0345 5292  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe

15:43:51.0376 5292  RpcLocator - ok

15:43:51.0392 5292  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll

15:43:51.0423 5292  RpcSs - ok

15:43:51.0439 5292  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

15:43:51.0454 5292  rspndr - ok

15:43:51.0485 5292  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys

15:43:51.0501 5292  s3cap - ok

15:43:51.0501 5292  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe

15:43:51.0517 5292  SamSs - ok

15:43:51.0532 5292  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

15:43:51.0548 5292  sbp2port - ok

15:43:51.0563 5292  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

15:43:51.0595 5292  SCardSvr - ok

15:43:51.0610 5292  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

15:43:51.0641 5292  scfilter - ok

15:43:51.0673 5292  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll

15:43:51.0735 5292  Schedule - ok

15:43:51.0766 5292  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll

15:43:51.0782 5292  SCPolicySvc - ok

15:43:51.0782 5292  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys

15:43:51.0813 5292  sdbus - ok

15:43:51.0829 5292  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

15:43:51.0860 5292  SDRSVC - ok

15:43:51.0860 5292  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

15:43:51.0891 5292  secdrv - ok

15:43:51.0907 5292  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll

15:43:51.0938 5292  seclogon - ok

15:43:51.0938 5292  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll

15:43:51.0969 5292  SENS - ok

15:43:52.0000 5292  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll

15:43:52.0000 5292  SensrSvc - ok

15:43:52.0016 5292  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

15:43:52.0047 5292  Serenum - ok

15:43:52.0063 5292  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys

15:43:52.0078 5292  Serial - ok

15:43:52.0109 5292  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys

15:43:52.0109 5292  sermouse - ok

15:43:52.0141 5292  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll

15:43:52.0187 5292  SessionEnv - ok

15:43:52.0187 5292  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys

15:43:52.0219 5292  sffdisk - ok

15:43:52.0234 5292  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

15:43:52.0265 5292  sffp_mmc - ok

15:43:52.0265 5292  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys

15:43:52.0281 5292  sffp_sd - ok

15:43:52.0312 5292  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

15:43:52.0328 5292  sfloppy - ok

15:43:52.0359 5292  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

15:43:52.0390 5292  ShellHWDetection - ok

15:43:52.0406 5292  [ DF6A84DD19D3C0858D707B5E64938D60 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx86.sys

15:43:52.0421 5292  Shockprf - ok

15:43:52.0453 5292  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys

15:43:52.0453 5292  sisagp - ok

15:43:52.0499 5292  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:43:52.0499 5292  SiSRaid2 - ok

15:43:52.0515 5292  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys

15:43:52.0531 5292  SiSRaid4 - ok

15:43:52.0546 5292  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys

15:43:52.0577 5292  Smb - ok

15:43:52.0577 5292  [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp          C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

15:43:52.0593 5292  smihlp - ok

15:43:52.0609 5292  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

15:43:52.0609 5292  SNMPTRAP - ok

15:43:52.0952 5292  [ 11BB0E11D42CC3A43D741D9B30839BE1 ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys

15:43:53.0342 5292  SNPSTD3 - ok

15:43:53.0357 5292  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys

15:43:53.0357 5292  spldr - ok

15:43:53.0389 5292  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\Windows\System32\spoolsv.exe

15:43:53.0420 5292  Spooler - ok

15:43:53.0732 5292  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe

15:43:53.0857 5292  sppsvc - ok

15:43:53.0888 5292  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

15:43:53.0919 5292  sppuinotify - ok

15:43:53.0935 5292  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys

15:43:53.0966 5292  srv - ok

15:43:53.0981 5292  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

15:43:54.0013 5292  srv2 - ok

15:43:54.0059 5292  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS

15:43:54.0091 5292  SrvHsfHDA - ok

15:43:54.0122 5292  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS

15:43:54.0184 5292  SrvHsfV92 - ok

15:43:54.0215 5292  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

15:43:54.0231 5292  SrvHsfWinac - ok

15:43:54.0247 5292  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

15:43:54.0262 5292  srvnet - ok

15:43:54.0293 5292  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys

15:43:54.0325 5292  ssadbus - ok

15:43:54.0356 5292  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys

15:43:54.0356 5292  ssadmdfl - ok

15:43:54.0387 5292  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys

15:43:54.0403 5292  ssadmdm - ok

15:43:54.0418 5292  [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys

15:43:54.0434 5292  ssadserd - ok

15:43:54.0449 5292  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

15:43:54.0481 5292  SSDPSRV - ok

15:43:54.0481 5292  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys

15:43:54.0496 5292  ssmdrv - ok

15:43:54.0512 5292  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

15:43:54.0527 5292  SstpSvc - ok

15:43:54.0574 5292  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys

15:43:54.0574 5292  stexstor - ok

15:43:54.0605 5292  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll

15:43:54.0637 5292  StiSvc - ok

15:43:54.0652 5292  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys

15:43:54.0668 5292  storflt - ok

15:43:54.0683 5292  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll

15:43:54.0683 5292  StorSvc - ok

15:43:54.0715 5292  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys

15:43:54.0730 5292  storvsc - ok

15:43:54.0730 5292  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys

15:43:54.0746 5292  swenum - ok

15:43:54.0761 5292  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll

15:43:54.0793 5292  swprv - ok

15:43:54.0855 5292  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll

15:43:54.0902 5292  SysMain - ok

15:43:54.0917 5292  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

15:43:54.0949 5292  TabletInputService - ok

15:43:54.0964 5292  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll

15:43:54.0995 5292  TapiSrv - ok

15:43:54.0995 5292  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll

15:43:55.0027 5292  TBS - ok

15:43:55.0073 5292  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

15:43:55.0136 5292  Tcpip - ok

15:43:55.0183 5292  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

15:43:55.0214 5292  TCPIP6 - ok

15:43:55.0214 5292  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

15:43:55.0245 5292  tcpipreg - ok

15:43:55.0307 5292  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

15:43:55.0339 5292  TDPIPE - ok

15:43:55.0354 5292  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

15:43:55.0370 5292  TDTCP - ok

15:43:55.0385 5292  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

15:43:55.0417 5292  tdx - ok

15:43:55.0495 5292  [ 0F0FEDEB1BEF118CF676B1E5BBB0FE9A ] TeamViewer6     C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

15:43:55.0541 5292  TeamViewer6 - ok

15:43:55.0635 5292  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

15:43:55.0682 5292  TeamViewer7 - ok

15:43:55.0682 5292  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys

15:43:55.0697 5292  TermDD - ok

15:43:55.0760 5292  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll

15:43:55.0822 5292  TermService - ok

15:43:55.0822 5292  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll

15:43:55.0853 5292  Themes - ok

15:43:55.0869 5292  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll

15:43:55.0885 5292  THREADORDER - ok

15:43:55.0900 5292  [ 1C950AE9C09904C229525F22EEFC15DB ] Tp4Track        C:\Windows\system32\DRIVERS\tp4track.sys

15:43:55.0900 5292  Tp4Track - ok

15:43:55.0916 5292  [ 50B570E4209F6D401893720FC8DDCE46 ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM86.sys

15:43:55.0916 5292  TPDIGIMN - ok

15:43:55.0947 5292  [ 1F98A2433555DD854CB4E2EDC819DEB4 ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG.exe

15:43:55.0947 5292  TPHDEXLGSVC - ok

15:43:55.0963 5292  [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

15:43:55.0963 5292  TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning

15:43:55.0963 5292  TPHKLOAD - detected UnsignedFile.Multi.Generic (1)

15:43:55.0963 5292  [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

15:43:55.0978 5292  TPHKSVC - ok

15:43:55.0978 5292  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\Windows\system32\drivers\tpm.sys

15:43:56.0009 5292  TPM - ok

15:43:56.0009 5292  [ C16EC6A5390904D3971179553852025B ] TPPWRIF         C:\Windows\system32\drivers\Tppwr32v.sys

15:43:56.0025 5292  TPPWRIF - ok

15:43:56.0025 5292  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll

15:43:56.0056 5292  TrkWks - ok

15:43:56.0072 5292  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

15:43:56.0103 5292  TrustedInstaller - ok

15:43:56.0134 5292  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

15:43:56.0165 5292  tssecsrv - ok

15:43:56.0197 5292  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

15:43:56.0212 5292  TsUsbFlt - ok

15:43:56.0228 5292  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

15:43:56.0259 5292  tunnel - ok

15:43:56.0290 5292  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys

15:43:56.0306 5292  uagp35 - ok

15:43:56.0337 5292  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

15:43:56.0368 5292  udfs - ok

15:43:56.0384 5292  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

15:43:56.0399 5292  UI0Detect - ok

15:43:56.0431 5292  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

15:43:56.0431 5292  uliagpkx - ok

15:43:56.0446 5292  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys

15:43:56.0477 5292  umbus - ok

15:43:56.0493 5292  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys

15:43:56.0509 5292  UmPass - ok

15:43:56.0509 5292  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll

15:43:56.0540 5292  UmRdpService - ok

15:43:56.0571 5292  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll

15:43:56.0618 5292  upnphost - ok

15:43:56.0633 5292  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

15:43:56.0649 5292  usbccgp - ok

15:43:56.0680 5292  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

15:43:56.0696 5292  usbcir - ok

15:43:56.0711 5292  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

15:43:56.0711 5292  usbehci - ok

15:43:56.0727 5292  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

15:43:56.0774 5292  usbhub - ok

15:43:56.0789 5292  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys

15:43:56.0789 5292  usbohci - ok

15:43:56.0821 5292  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

15:43:56.0836 5292  usbprint - ok

15:43:56.0867 5292  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys

15:43:56.0883 5292  usbscan - ok

15:43:56.0899 5292  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:43:56.0914 5292  USBSTOR - ok

15:43:56.0914 5292  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys

15:43:56.0930 5292  usbuhci - ok

15:43:56.0930 5292  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll

15:43:56.0977 5292  UxSms - ok

15:43:56.0977 5292  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe

15:43:56.0992 5292  VaultSvc - ok

15:43:56.0992 5292  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

15:43:57.0008 5292  vdrvroot - ok

15:43:57.0039 5292  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe

15:43:57.0101 5292  vds - ok

15:43:57.0133 5292  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

15:43:57.0148 5292  vga - ok

15:43:57.0148 5292  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys

15:43:57.0179 5292  VgaSave - ok

15:43:57.0195 5292  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

15:43:57.0211 5292  vhdmp - ok

15:43:57.0226 5292  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys

15:43:57.0242 5292  viaagp - ok

15:43:57.0242 5292  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys

15:43:57.0257 5292  ViaC7 - ok

15:43:57.0289 5292  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys

15:43:57.0304 5292  viaide - ok

15:43:57.0320 5292  [ F4C327CEA220C858E057FD82C6D803EA ] VmbService      C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

15:43:57.0320 5292  VmbService ( UnsignedFile.Multi.Generic ) - warning

15:43:57.0320 5292  VmbService - detected UnsignedFile.Multi.Generic (1)

15:43:57.0335 5292  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys

15:43:57.0351 5292  vmbus - ok

15:43:57.0351 5292  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys

15:43:57.0367 5292  VMBusHID - ok

15:43:57.0367 5292  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

15:43:57.0382 5292  volmgr - ok

15:43:57.0398 5292  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

15:43:57.0429 5292  volmgrx - ok

15:43:57.0429 5292  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

15:43:57.0460 5292  volsnap - ok

15:43:57.0523 5292  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys

15:43:57.0538 5292  vsmraid - ok

15:43:57.0585 5292  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe

15:43:57.0647 5292  VSS - ok

15:43:57.0663 5292  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys

15:43:57.0679 5292  vwifibus - ok

15:43:57.0710 5292  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll

15:43:57.0741 5292  W32Time - ok

15:43:57.0772 5292  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys

15:43:57.0803 5292  WacomPen - ok

15:43:57.0803 5292  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

15:43:57.0819 5292  WANARP - ok

15:43:57.0835 5292  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

15:43:57.0850 5292  Wanarpv6 - ok

15:43:57.0913 5292  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe

15:43:57.0991 5292  WatAdminSvc - ok

15:43:58.0053 5292  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe

15:43:58.0131 5292  wbengine - ok

15:43:58.0147 5292  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

15:43:58.0178 5292  WbioSrvc - ok

15:43:58.0209 5292  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll

15:43:58.0225 5292  wcncsvc - ok

15:43:58.0240 5292  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

15:43:58.0271 5292  WcsPlugInService - ok

15:43:58.0287 5292  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys

15:43:58.0303 5292  Wd - ok

15:43:58.0318 5292  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

15:43:58.0349 5292  Wdf01000 - ok

15:43:58.0349 5292  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll

15:43:58.0381 5292  WdiServiceHost - ok

15:43:58.0381 5292  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll

15:43:58.0396 5292  WdiSystemHost - ok

15:43:58.0412 5292  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll

15:43:58.0443 5292  WebClient - ok

15:43:58.0459 5292  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll

15:43:58.0490 5292  Wecsvc - ok

15:43:58.0505 5292  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll

15:43:58.0537 5292  wercplsupport - ok

15:43:58.0537 5292  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll

15:43:58.0568 5292  WerSvc - ok

15:43:58.0568 5292  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

15:43:58.0599 5292  WfpLwf - ok

15:43:58.0615 5292  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

15:43:58.0615 5292  WIMMount - ok

15:43:58.0646 5292  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys

15:43:58.0677 5292  winachsf - ok

15:43:58.0693 5292  WinHttpAutoProxySvc - ok

15:43:58.0708 5292  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

15:43:58.0739 5292  Winmgmt - ok

15:43:58.0786 5292  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll

15:43:58.0849 5292  WinRM - ok

15:43:58.0849 5292  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys

15:43:58.0880 5292  WinUsb - ok

15:43:58.0911 5292  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll

15:43:58.0973 5292  Wlansvc - ok

15:43:58.0989 5292  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

15:43:59.0005 5292  WmiAcpi - ok

15:43:59.0036 5292  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

15:43:59.0067 5292  wmiApSrv - ok

15:43:59.0114 5292  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

15:43:59.0161 5292  WMPNetworkSvc - ok

15:43:59.0176 5292  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll

15:43:59.0207 5292  WPCSvc - ok

15:43:59.0207 5292  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

15:43:59.0239 5292  WPDBusEnum - ok

15:43:59.0254 5292  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

15:43:59.0285 5292  ws2ifsl - ok

15:43:59.0285 5292  WSearch - ok

15:43:59.0301 5292  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

15:43:59.0332 5292  WudfPf - ok

15:43:59.0332 5292  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

15:43:59.0363 5292  WUDFRd - ok

15:43:59.0363 5292  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

15:43:59.0395 5292  wudfsvc - ok

15:43:59.0441 5292  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll

15:43:59.0473 5292  WwanSvc - ok

15:43:59.0473 5292  [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys

15:43:59.0488 5292  XAudio - ok

15:43:59.0504 5292  [ 15A317674A08DF26BE65164D959E9203 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe

15:43:59.0519 5292  XAudioService - ok

15:43:59.0551 5292  [ 966756D861161FCC04D8051F210B942F ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys

15:43:59.0566 5292  ZTEusbmdm6k - ok

15:43:59.0582 5292  [ 966756D861161FCC04D8051F210B942F ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys

15:43:59.0597 5292  ZTEusbnmea - ok

15:43:59.0597 5292  [ 966756D861161FCC04D8051F210B942F ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys

15:43:59.0613 5292  ZTEusbser6k - ok

15:43:59.0629 5292  [ 966756D861161FCC04D8051F210B942F ] ZTEusbvoice     C:\Windows\system32\DRIVERS\ZTEusbvoice.sys

15:43:59.0644 5292  ZTEusbvoice - ok

15:43:59.0644 5292  [ 6C26A5776A1913B5458B4BED50FAF47F ] ZTEusbwwan      C:\Windows\system32\DRIVERS\ZTEusbwwan.sys

15:43:59.0675 5292  ZTEusbwwan - ok

15:43:59.0691 5292  ================ Scan global ===============================

15:43:59.0691 5292  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

15:43:59.0722 5292  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

15:43:59.0722 5292  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

15:43:59.0722 5292  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

15:43:59.0738 5292  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

15:43:59.0738 5292  [Global] - ok

15:43:59.0738 5292  ================ Scan MBR ==================================

15:43:59.0753 5292  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

15:44:00.0221 5292  \Device\Harddisk1\DR1 - ok

15:44:00.0221 5292  ================ Scan VBR ==================================

15:44:00.0221 5292  [ 65A437FA4C1C7030D9CE2870BC5CA583 ] \Device\Harddisk1\DR1\Partition1

15:44:00.0221 5292  \Device\Harddisk1\DR1\Partition1 - ok

15:44:00.0221 5292  ============================================================

15:44:00.0221 5292  Scan finished

15:44:00.0221 5292  ============================================================

15:44:00.0237 5308  Detected object count: 5

15:44:00.0237 5308  Actual detected object count: 5

15:44:26.0211 5308  Akamai ( HiddenFile.Multi.Generic ) - skipped by user

15:44:26.0211 5308  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 

15:44:26.0211 5308  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:26.0211 5308  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:44:26.0211 5308  KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:26.0211 5308  KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:44:26.0211 5308  TPHKLOAD ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:26.0211 5308  TPHKLOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:44:26.0211 5308  VmbService ( UnsignedFile.Multi.Generic ) - skipped by user

15:44:26.0211 5308  VmbService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Schöne Grüße
Lena

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hallo!
Vielen Dank für Deine schnelle Antwort!
Ich habe den Echtzeit-Scanner von AntiVir vor dem Starten von ComboFix deaktiviert, allerdings kam dann trotzdem eine Meldung von ComboFix, dass AntiVir noch aktiv wäre. Ich wollte AntiVir dann deinstallieren und habe bei der Meldung oben auf das Schließen-Kreuzchen gedrückt. Da wurde ComboFix dann allerdings sofort ausgeführt. Ist es trotzdem so okay oder soll ich es nochmal machen und vorher AntiVir deinstallieren?
Hier die Logdatei:

Code:

ComboFix 12-08-30.01 - Laney 30.08.2012  20:59:05.1.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2006.1179 [GMT 2:00]

ausgeführt von:: c:\users\Laney\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-07-28 bis 2012-08-30  ))))))))))))))))))))))))))))))

.

.

2012-08-30 18:48 . 2012-08-30 18:48        73696        ----a-w-        c:\program files\Mozilla Firefox\breakpadinjector.dll

2012-08-21 14:40 . 2012-08-21 14:40        --------        d-----w-        C:\_OTL

2012-08-15 07:21 . 2012-08-15 07:21        --------        d-----w-        c:\program files\ESET

2012-08-14 14:33 . 2012-08-14 14:33        --------        d-----w-        c:\users\Laney\AppData\Roaming\Malwarebytes

2012-08-14 14:33 . 2012-08-14 14:33        --------        d-----w-        c:\programdata\Malwarebytes

2012-08-14 14:33 . 2012-08-14 14:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-08-14 14:33 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-08-10 13:37 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BE65B9A-E32D-4EA7-979B-50B9A061D857}\mpengine.dll

2012-08-07 18:26 . 2012-08-07 18:26        --------        d-----w-        c:\users\Laney\temp

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-14 00:56 . 2009-07-13 23:11        259072        ----a-w-        c:\windows\system32\services.exe

2012-06-12 02:40 . 2012-07-11 17:45        2345984        ----a-w-        c:\windows\system32\win32k.sys

2012-06-06 13:54 . 2012-07-12 19:12        17328        ----a-w-        c:\windows\system32\drivers\easytthr.sys

2012-06-06 05:05 . 2012-07-11 17:41        1390080        ----a-w-        c:\windows\system32\msxml6.dll

2012-06-06 05:05 . 2012-07-11 17:41        1236992        ----a-w-        c:\windows\system32\msxml3.dll

2012-06-06 05:03 . 2012-07-11 17:41        805376        ----a-w-        c:\windows\system32\cdosys.dll

2012-06-02 22:19 . 2012-06-19 08:03        53784        ----a-w-        c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 08:03        45080        ----a-w-        c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 08:02        35864        ----a-w-        c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 08:02        577048        ----a-w-        c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-19 08:03        1933848        ----a-w-        c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-19 08:03        2422272        ----a-w-        c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-19 08:02        88576        ----a-w-        c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-19 08:02        171904        ----a-w-        c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-19 08:02        33792        ----a-w-        c:\windows\system32\wuapp.exe

2012-06-02 04:45 . 2012-07-11 17:41        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45 . 2012-07-11 17:41        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40 . 2012-07-11 17:41        369336        ----a-w-        c:\windows\system32\drivers\cng.sys

2012-06-02 04:40 . 2012-07-11 17:41        225280        ----a-w-        c:\windows\system32\schannel.dll

2012-06-02 04:39 . 2012-07-11 17:41        219136        ----a-w-        c:\windows\system32\ncrypt.dll

2012-08-30 18:48 . 2011-06-24 08:17        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        94208        ----a-w-        c:\users\Laney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        94208        ----a-w-        c:\users\Laney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        94208        ----a-w-        c:\users\Laney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Laney\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-07-21 55120]

"TpShocks"="TpShocks.exe" [2011-01-14 337256]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]

"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]

"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]

"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-06-16 269824]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-10-04 1322048]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]

"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-29 212992]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2012-2-17 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2010-07-21 17:18        100176        ----a-w-        c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages        REG_MULTI_SZ           scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51        919008        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTether]

2012-06-06 13:54        48680        ----a-w-        c:\program files\Mobile Stream\EasyTether\easytthr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]

2010-06-17 19:56        370176        ----a-w-        c:\program files\FreePDF_XP\fpassist.exe

.

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]

R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [x]

S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [x]

S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [x]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]

S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]

S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]

S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]

S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]

S3 KMWDFILTERx86;MLK KM DRIVER;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]

S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = <local>

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

TCP: DhcpNameServer = 80.69.102.158 80.69.100.102

TCP: Interfaces\{C96CAC45-EEC0-4585-A1EB-2DCC65662880}: NameServer = 10.11.230.3 10.11.230.2

DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://79.218.13.129:1080/RtspVaPgDec.cab

DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab

FF - ProfilePath - c:\users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe

HKLM-Run-ZoneAlarm Installer - c:\program files\CheckPoint\Install\Launcher.exe

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'lsass.exe'(564)

c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

.

- - - - - - - > 'Explorer.exe'(4712)

c:\users\Laney\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\ThinkPad\Utilities\PWMTR32V.DLL

c:\progra~1\ThinkPad\UTILIT~1\GR\PWMRT32V.DLL

c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL

c:\program files\Tracker Software\Shell Extensions\XCShInfo.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\windows\system32\WUDFHost.exe

c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe

c:\windows\system32\AEADISRV.EXE

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\windows\system32\taskhost.exe

c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe

c:\program files\LENOVO\HOTKEY\tposdsvc.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-08-30  21:12:16 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-08-30 19:12

.

Vor Suchlauf: 1.318.510.592 Bytes frei

Nach Suchlauf: 1.257.291.776 Bytes frei

.

- - End Of File - - 0EE6D69DBC5E688F1D9144A5BF81FC75

Beste Grüße
Laney

Zitat:

FW: ZoneAlarm Free Firewall Firewall *Enabled*

Ist ZoneAlarm bei dir noch installiert?

Das mit Antivir und CF ist leider normal, liegt an AntiVir, dass offensichtlich nicht immer sauber mit dem Windows-Sicherheitscenter kommuniziert

Hi!
Ich habe ZoneAlarm deinstalliert und es taucht bei "Alle Programme" auch nicht mehr auf.

Die Windows Firewall funktioniert wieder.

Eine Frage noch: Ist es in Ordnung, wenn ich morgen eine neue Schriftart installiere oder soll ich damit lieber warten bis wir fertig sind?

Vielen, vielen Dank für die Hilfe,
Laney

Die Schriftart kannst du ruhig installieren

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hallo!

Hier die Logdatei von GMER:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-08-31 09:26:20

Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0  rev.

Running: 3llhn3o9.exe; Driver: C:\Users\Laney\AppData\Local\Temp\uwtdipog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8F253CEE                                                                                                               ZwCreateSection

SSDT            8F253CF8                                                                                                               ZwRequestWaitReplyPort

SSDT            8F253CF3                                                                                                               ZwSetContextThread

SSDT            8F253CFD                                                                                                               ZwSetSecurityObject

SSDT            8F253D02                                                                                                               ZwSystemDebugControl

SSDT            8F253C8F                                                                                                               ZwTerminateProcess
 

INT 0x61        ?                                                                                                                      98EAAA58

INT 0x71        ?                                                                                                                      98EAACD8
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                               82E473C9 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                 82E80D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                    82E87EAC 4 Bytes  [EE, 3C, 25, 8F]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                    82E88208 4 Bytes  [F8, 3C, 25, 8F]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                    82E8824C 4 Bytes  [F3, 3C, 25, 8F]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                    82E882C8 4 Bytes  [FD, 3C, 25, 8F]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                    82E8831C 4 Bytes  [02, 3D, 25, 8F]

.text           ...                                                                                                                    
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Windows\System32\rundll32.exe[2416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                  [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\System32\rundll32.exe[2416] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                   [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\System32\rundll32.exe[2416] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\System32\rundll32.exe[2416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                 [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\System32\rundll32.exe[2416] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                 [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\KMProcess.exe[2564] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]     [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\KMProcess.exe[2564] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]        [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\KMProcess.exe[2564] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]       [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\KMProcess.exe[2564] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]      [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\KMProcess.exe[2564] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]      [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\KMConfig.exe[2884] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]        [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\KMConfig.exe[2884] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]         [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\KMConfig.exe[2884] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]       [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\KMConfig.exe[2884] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]      [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\KMConfig.exe[2884] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]       [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\KMConfig.exe[2884] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]       [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\StartAutorun.exe[3160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\StartAutorun.exe[3160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\StartAutorun.exe[3160] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Mouse Driver\StartAutorun.exe[3160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [74F4FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 

Device          \Driver\ACPI_HAL \Device\0000005b                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

AttachedDevice  \FileSystem\fastfat \Fat                                                                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e4cd7db36                                            

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e4cd7db36@6c23b9704036                               0x53 0x4B 0xDF 0x30 ...

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e4cd7db36 (not active ControlSet)                        

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e4cd7db36@6c23b9704036                                   0x53 0x4B 0xDF 0x30 ...
 

---- Disk sectors - GMER 1.0.15 ----
 

Disk            \Device\Harddisk1\DR1                                                                                                  sector 00: rootkit-like behavior
 

---- EOF - GMER 1.0.15 ----

Die Logdatei von OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 09:33:11 on 31.08.2012
 

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit

Default Browser: Mozilla Corporation Firefox 15.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"PWMCP32V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP32V.cpl

"TpShCPL.cpl" - "Lenovo." - C:\Windows\system32\TpShCPL.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\Windows\System32\DRIVERS\ApsHM86.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\Users\Laney\AppData\Local\Temp\catchme.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys

"DozeHDD" (DozeHDD) - "Lenovo." - C:\Windows\System32\DRIVERS\DozeHDD.sys

"Shockprf" (Shockprf) - "Lenovo." - C:\Windows\System32\DRIVERS\Apsx86.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"uwtdipog" (uwtdipog) - ? - C:\Users\Laney\AppData\Local\Temp\uwtdipog.sys  (Hidden registry entry, rootkit activity | File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL

{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll

{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll

{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll

{D1079645-619B-4D0B-8FD5-1008B95134E1} "PureSync Shell Extension Class" - "Jumping Bytes" - C:\Program Files\PureSync\shellext\psshell32.dll

{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{816BE035-1450-40D0-8A3B-BA7825A83A77} "IASRunner Class" - "Lenovo (United States) Inc" - C:\Program Files\Lenovo\AcpIRExe\AcpIRExe.exe / hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} "RtspVaPgCtrl Class" - ? - C:\Windows\Downloaded Program Files\RtspVapgDecoder.dll / hxxp://79.218.13.129:1080/RtspVaPgDec.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Notification packages" - "UPEK Inc." - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Akamai NetSession Interface" - "Akamai Technologies, Inc." - "C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe"

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

"IaNvSrv" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe

"KMCONFIG" - "UASSOFT.COM" - C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe

"MobileBroadband" - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent

"PSQLLauncher" - "UPEK Inc." - "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup

"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"TpShocks" - "Lenovo." - TpShocks.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"7-PDF Print Monitor" - "7-PDF, Germany - Th. Hodes" - C:\Windows\system32\pdf7.dll

"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"Akamai NetSession Interface" (Akamai) - "Akamai Technologies, Inc" - c:\program files\common files\akamai\netsession_win_4f7fccd.dll

"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

"Keyboard And Mouse Communication Service" (KMWDSERVICE) - "UASSOFT.COM" - C:\Program Files\Mouse Driver\KMWDSrv.exe

"Lenovo Auto Scroll" (Lenovo.VIRTSCRLSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\Windows\System32\TPHDEXLG.exe

"Vodafone-Mobile-Broadband-Dienst" (VmbService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
 

[Winlogon]

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"psfus" - "UPEK Inc." - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Und die Logdatei von aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-08-31 09:34:40

-----------------------------

09:34:40.274    OS Version: Windows 6.1.7601 Service Pack 1

09:34:40.274    Number of processors: 2 586 0x1706

09:34:40.274    ComputerName: TORNADO  UserName: Laney

09:34:41.506    Initialize success

09:35:32.867    AVAST engine defs: 12083001

09:35:39.919    Disk 0  \Device\Harddisk0\DR0 -> \Device\RobsonImd-0

09:35:39.919    Disk 0 Vendor:   Size: 513MB BusType: 0

09:35:39.919    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0

09:35:39.919    Disk 1 Vendor:   Size: 513MB BusType: 0

09:35:40.075    Disk 1 MBR read successfully

09:35:40.075    Disk 1 MBR scan

09:35:40.075    Disk 1 Windows 7 default MBR code

09:35:40.075    Disk 1 MBR hidden

09:35:40.090    Disk 1 Partition 1 00     27 Hidden NTFS WinRE NTFS         4915 MB offset 2048

09:35:40.090    Disk 1 Partition 2 80 (A) 07    HPFS/NTFS NTFS       147710 MB offset 10067968

09:35:40.309    Disk 1 scanning C:\Windows\system32\drivers

09:36:29.121    Service scanning

09:36:47.139    Modules scanning

09:38:44.950    Disk 1 trace - called modules:

09:38:44.997    

09:38:45.840    AVAST engine scan C:\Windows

09:39:35.151    AVAST engine scan C:\Windows\system32

09:57:05.080    AVAST engine scan C:\Windows\system32\drivers

10:00:11.859    AVAST engine scan C:\Users\Laney

10:11:42.722    Disk 1 MBR has been saved successfully to "C:\Users\Laney\Desktop\MBR.dat"

10:11:42.738    The log file has been saved successfully to "C:\Users\Laney\Desktop\aswMBR.txt"
 
 

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-08-31 10:12:06

-----------------------------

10:12:06.686    OS Version: Windows 6.1.7601 Service Pack 1

10:12:06.686    Number of processors: 2 586 0x1706

10:12:06.686    ComputerName: TORNADO  UserName: Laney

10:12:07.513    Initialize success

10:12:12.973    AVAST engine defs: 12083001

10:12:28.027    Disk 0  \Device\Harddisk0\DR0 -> \Device\RobsonImd-0

10:12:28.027    Disk 0 Vendor:   Size: 513MB BusType: 0

10:12:28.042    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0

10:12:28.042    Disk 1 Vendor:   Size: 513MB BusType: 0

10:12:28.183    Disk 1 MBR read successfully

10:12:28.183    Disk 1 MBR scan

10:12:28.183    Disk 1 Windows 7 default MBR code

10:12:28.183    Disk 1 MBR hidden

10:12:28.198    Disk 1 Partition 1 00     27 Hidden NTFS WinRE NTFS         4915 MB offset 2048

10:12:28.261    Disk 1 Partition 2 80 (A) 07    HPFS/NTFS NTFS       147710 MB offset 10067968

10:12:28.401    Disk 1 scanning C:\Windows\system32\drivers

10:14:07.274    Service scanning

10:14:23.576    Modules scanning

10:16:28.298    Disk 1 trace - called modules:

10:16:28.408    

10:16:29.063    AVAST engine scan C:\Windows

10:17:39.216    AVAST engine scan C:\Windows\system32

10:43:07.364    AVAST engine scan C:\Windows\system32\drivers

10:46:16.124    AVAST engine scan C:\Users\Laney

11:26:49.759    AVAST engine scan C:\ProgramData

11:32:22.882    Scan finished successfully

11:32:46.938    Disk 1 MBR has been saved successfully to "C:\Users\Laney\Desktop\MBR.dat"

11:32:46.938    The log file has been saved successfully to "C:\Users\Laney\Desktop\aswMBR.txt"

Ich habe gestern noch die Benachrichtigung bekommen, dass neue Windows Updates vorhanden sind, es sind verschiedene Updates und Sicherheitsupdates und diese Datei: Windows-Tool zum Entfernen bösartiger Software - August 2012 (KB890830). Soll, bzw. darf ich die jetzt installieren?

Vielen Dank und schöne Grüße
Laney

Nein noch nichts installieren!
Irgendwas im MBR wird da noch gemeldet

Live-System PartedMagic / GParted

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein
2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows
3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist

http://partedmagic.com/lib/exe/fetch...ia=desktop.png

4. Du müsstest ein Symbol PartitionEditor auf dem Desktop finden, das doppelklicken
5. Wenn das Tool die Partitionen aufgelistet hat, bitte einen Screenshot mit Hilfe der Taste DRUCK auf der Tastatur erstellen, diesen Screenshot hier posten (idR hast du einen Internetzugang mit PartedMagic, wenn nicht einfach den Screenshot auf einem Stick abspeichern und unter Windows hier posten)

Hi!
Ich habe die Updates nicht installiert.
Für das Brennen des ISO-Images habe ich ImgBurn installiert, ich hoffe das war ok.
Der Screenshot ist angehangen, ich wusste nicht, wie ich ihn sonst posten kann.
Vielen Dank,
Laney

Welches Brennprogramm du nimmst ist völlig egal solange du damit korrekt CD-Abbilder per Imagebrennfunktion brennen kannst.

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

Hi!
Der erste Schritt, den MBR fixen, hat funktioniert. Aber jetzt kann ich keinen neuen Scan mit aswMBR machen. Der Computer reagiert dabei irgendwann nicht mehr, beim letzten Mal war er gerade bei diesem Schritt:
Disk 1 trace - called modules
Ich habe auch versucht unten bei AV scan (none) auszuwählen, aber als ich mit der Einstellung den Scan gemacht habe, kam ein blauer Bildschirm und der Computer hat sich von alleine neu gestartet.
Schöne Grüße
Laney

Zu aswMBR hatte ich unten einen Hinweise gepostet:

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hi!
Das habe ich gemacht, allerdings wurde der Bildschirm dann blau und es stand dort, dass ein Vorgang unterbrochen wurde, der Windows beschädigen würde und dann hat der Rechner von alleine einen Neustart gemacht. Ich weiß leider nicht genau, was dort stand, da der Text nur kurz erschien. Tut mir Leid.
Vielen Dank für Deine Hilfe,
Laney

Wiederhol den Scan mit aswMBR bitte nochmal

Hallo!
Dieses Mal hat es funktioniert, tut mir Leid, dass es vorher nicht geklappt hat.
Hier die Logdatei:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-08-31 21:04:29

-----------------------------

21:04:29.917    OS Version: Windows 6.1.7601 Service Pack 1

21:04:29.917    Number of processors: 2 586 0x1706

21:04:29.933    ComputerName: TORNADO  UserName: Laney

21:04:35.486    Initialize success

21:04:47.405    AVAST engine defs: 12083001

21:04:57.124    Disk 0  \Device\Harddisk0\DR0 -> \Device\RobsonImd-0

21:04:57.139    Disk 0 Vendor:   Size: 513MB BusType: 0

21:04:57.139    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0

21:04:57.139    Disk 1 Vendor:   Size: 513MB BusType: 0

21:04:57.155    Disk 1 MBR read successfully

21:04:57.155    Disk 1 MBR scan

21:04:57.186    Disk 1 Windows 7 default MBR code

21:04:57.186    Disk 1 MBR hidden

21:04:57.202    Disk 1 Partition 1 00     27 Hidden NTFS WinRE NTFS         4915 MB offset 2048

21:04:57.202    Disk 1 Partition 2 80 (A) 07    HPFS/NTFS NTFS       147710 MB offset 10067968

21:04:57.233    Disk 1 scanning C:\Windows\system32\drivers

21:05:10.836    Service scanning

21:05:38.885    Modules scanning

21:05:56.076    Disk 1 trace - called modules:

21:05:56.092    

21:05:57.090    AVAST engine scan C:\Windows

21:06:01.583    AVAST engine scan C:\Windows\system32

21:09:06.943    AVAST engine scan C:\Windows\system32\drivers

21:09:23.385    AVAST engine scan C:\Users\Laney

21:13:53.359    AVAST engine scan C:\ProgramData

21:14:26.571    Scan finished successfully

21:14:58.474    Disk 1 MBR has been saved successfully to "C:\Users\Laney\Desktop\MBR.dat"

21:14:58.474    The log file has been saved successfully to "C:\Users\Laney\Desktop\aswMBR.txt"

Vielen Dank für Deine Hilfe und Geduld!
Laney

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Guten Morgen!
Hier die Logdatei von Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.08.31.12
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Laney :: TORNADO [Administrator]
 

31.08.2012 22:54:44

mbam-log-2012-08-31 (22-54-44).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 370611

Laufzeit: 53 Minute(n), 3 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Program Files\pdfsam\pdfsam-starter.exe (Trojan.Agent.VGENX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

und die Logdatei von SASW:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 09/01/2012 at 02:10 AM
 

Application Version : 5.5.1012
 

Core Rules Database Version : 9163

Trace Rules Database Version: 6975
 

Scan type       : Complete Scan

Total Scan Time : 02:09:02
 

Operating System Information

Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Administrator
 

Memory items scanned      : 919

Memory threats detected   : 0

Registry items scanned    : 35803

Registry threats detected : 0

File items scanned        : 138012

File threats detected     : 513
 

Adware.Tracking Cookie

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\B2EKK0K5.txt [ /www.zanox-affiliate.de ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\QO94OYGY.txt [ /ads.creative-serving.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\XE36FBX9.txt [ /ad1.adfarm1.adition.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\KK5ILUNF.txt [ /atdmt.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\8J6NI9GZ.txt [ /track.adform.net ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\UT7DX82U.txt [ /ad.zanox.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\WQM6QLC0.txt [ /smartadserver.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\QV0LL7I1.txt [ /www.windowsmedia.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\18L137D4.txt [ /bs.serving-sys.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\TO1X1WVS.txt [ /serving-sys.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\URK9GZ7P.txt [ /c.atdmt.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\ZROCCOTZ.txt [ /zanox-affiliate.de ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\78WIEDAR.txt [ /fastclick.net ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\9K7VJD11.txt [ /unitymedia.de ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\AZ0D5DXJ.txt [ /adform.net ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\RNW3NYG0.txt [ /apmebf.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\090MA62D.txt [ /adfarm1.adition.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\KG51MWCY.txt [ /tracking.quisma.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\E74JOAMU.txt [ /ad.dyntracker.de ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\7D2ADS6L.txt [ /mediaplex.com ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\2Z2HMYEZ.txt [ /doubleclick.net ]

        C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Cookies\X2I0YS2X.txt [ /zanox.com ]

        C:\USERS\LANEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\12PAZKCH.txt [ Cookie:laney@atdmt.com/ ]

        C:\USERS\LANEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\VI5MVIWT.txt [ Cookie:laney@imrworldwide.com/cgi-bin ]

        C:\USERS\LANEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\G622BM3L.txt [ Cookie:laney@bs.serving-sys.com/ ]

        C:\USERS\LANEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\YANC1RCO.txt [ Cookie:laney@serving-sys.com/ ]

        C:\USERS\LANEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\987D74YK.txt [ Cookie:laney@c.atdmt.com/ ]

        C:\USERS\LANEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\laney@apmebf[1].txt [ Cookie:laney@apmebf.com/ ]

        C:\USERS\LANEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\laney@mediaplex[1].txt [ Cookie:laney@mediaplex.com/ ]

        C:\USERS\LANEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\9EXAPIFC.txt [ Cookie:laney@ad2.adfarm1.adition.com/ ]

        C:\USERS\LANEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XF2GZTFN.txt [ Cookie:laney@doubleclick.net/ ]

        C:\USERS\LANEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\JI4JPHDG.txt [ Cookie:laney@specificclick.net/ ]

        C:\USERS\LANEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\LVPJT1Z0.txt [ Cookie:laney@adviva.net/ ]

        C:\USERS\LANEY\Cookies\B2EKK0K5.txt [ Cookie:laney@www.zanox-affiliate.de/ ]

        C:\USERS\LANEY\Cookies\XE36FBX9.txt [ Cookie:laney@ad1.adfarm1.adition.com/ ]

        C:\USERS\LANEY\Cookies\KK5ILUNF.txt [ Cookie:laney@atdmt.com/ ]

        C:\USERS\LANEY\Cookies\8J6NI9GZ.txt [ Cookie:laney@track.adform.net/ ]

        C:\USERS\LANEY\Cookies\UT7DX82U.txt [ Cookie:laney@ad.zanox.com/ ]

        C:\USERS\LANEY\Cookies\WQM6QLC0.txt [ Cookie:laney@smartadserver.com/ ]

        C:\USERS\LANEY\Cookies\QV0LL7I1.txt [ Cookie:laney@www.windowsmedia.com/ ]

        C:\USERS\LANEY\Cookies\18L137D4.txt [ Cookie:laney@bs.serving-sys.com/ ]

        C:\USERS\LANEY\Cookies\TO1X1WVS.txt [ Cookie:laney@serving-sys.com/ ]

        C:\USERS\LANEY\Cookies\URK9GZ7P.txt [ Cookie:laney@c.atdmt.com/ ]

        C:\USERS\LANEY\Cookies\ZROCCOTZ.txt [ Cookie:laney@zanox-affiliate.de/ ]

        C:\USERS\LANEY\Cookies\9K7VJD11.txt [ Cookie:laney@unitymedia.de/ ]

        C:\USERS\LANEY\Cookies\RNW3NYG0.txt [ Cookie:laney@apmebf.com/ ]

        C:\USERS\LANEY\Cookies\KG51MWCY.txt [ Cookie:laney@tracking.quisma.com/ ]

        C:\USERS\LANEY\Cookies\E74JOAMU.txt [ Cookie:laney@ad.dyntracker.de/ ]

        C:\USERS\LANEY\Cookies\7D2ADS6L.txt [ Cookie:laney@mediaplex.com/ ]

        C:\USERS\LANEY\Cookies\2Z2HMYEZ.txt [ Cookie:laney@doubleclick.net/ ]

        C:\USERS\LANEY\Cookies\X2I0YS2X.txt [ Cookie:laney@zanox.com/ ]

        .apmebf.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        tracking.mlsat02.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ade.realclick.co.kr [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .deutschepostag.112.2o7.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .amazon-adsystem.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .amazon-adsystem.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        tracking.tchibo.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .eyewonder.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .eyewonder.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adbrite.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.active-tracking.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.active-tracking.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.active-tracking.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        zbox.zanox.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.unitymedia.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .unitymedia.122.2o7.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .skydeutschland.122.2o7.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .advertising.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .advertising.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .content.yieldmanager.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.zanox-affiliate.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .content.yieldmanager.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .a.revenuemax.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .unitymedia.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .app.unitymedia.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        app.unitymedia.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        app.unitymedia.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.zalando.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webstats4u.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .debenhams.122.2o7.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tomorrowfocustechnologiesgmbh.112.2o7.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        aimfar.solution.weborama.fr [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .spacefoot.solution.weborama.fr [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .weborama.fr [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .weborama.fr [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .weborama.fr [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .weboramapublishertrackinguk2.solution.weborama.fr [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .weboramapublishertrackinguk2.solution.weborama.fr [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .statcounter.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .kaminofen-discount24.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .kaminofen-discount24.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .kaminofen-discount24.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .ru4.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .lucidmedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .e-2dj6wflokhc5gbq.stats.esomniture.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .e-2dj6whkiwodpmgq.stats.esomniture.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .at.atwola.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .yieldmanager.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        server.adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .liveperson.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.adition.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.adition.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adbrite.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        partners.webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .e-2dj6wmloekcjaap.stats.esomniture.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .olympiaverlag.122.2o7.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        media4.tchibo-content.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        tracking.sim-technik.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .stats.paypal.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        adserv.quality-channel.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        tomtailor.dyntracker.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        tracking.mobile.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        server.adformdsp.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adformdsp.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        adx.chip.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adbrite.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        server.adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .advertising.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        stats.bmw.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        media.gan-online.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.thelabelfinder.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.thelabelfinder.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.effiliation.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        media.gan-online.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tradetracker.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .c1.atdmt.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .microsoftsto.112.2o7.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adxpose.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .rezidor.112.2o7.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .zanox-affiliate.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.usenext.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        rtbma.revenuemax.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www6.addfreestats.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        targeting.revenuemax.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad1.adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adviva.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.unitymedia.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .unitymedia.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        web.unitymedia.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .bs.serving-sys.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tribalfusion.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        adx.chip.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        adx.chip.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .clickfuse.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .clickfuse.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .questionmarket.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .questionmarket.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .questionmarket.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .questionmarket.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .c.atdmt.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .c.atdmt.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .clickfuse.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revenuemax.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .zanox-affiliate.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .unitymedia.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .unitymedia.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracking.mindshare.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracker.vinsight.de [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .guj.122.2o7.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad3.adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ww251.smartadserver.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adform.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad2.adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        ad4.adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\LANEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8BZRQKLG.DEFAULT\COOKIES.SQLITE ]

Danke schön,
Laney

Sieht ok aus, da wurden nur Cookies gefunden, der angebliche Fund bei PDFsam ist ein Fehalarm.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Hi!
Das ist ja super!!!
Mein Rechner macht keinerlei Probleme mehr.
Vielen, vielen Dank für Deine tolle Hilfe und Deine Geduld!!!
:dankeschoen:
Beste Grüße
Laney

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Super!
Vielen, vielen Dank!!!
Beste Grüße
Laney

Hallo cosinus!

Ich habe leider doch noch ein Problem.
Ich habe jetzt versucht die Windows Updates zu installieren, allerdings bekomme ich da immer den Fehlercode 80246008.
Ich habe zu diesem Fehler gegoogelt und der Fehler hängt wohl mit dem Intelligenten Hintergrundübertragungsdienst (BITS) zusammen. Diesen Intelligenten Hintergrundübertragungsdienst finde ich aber leider nicht, wenn ich mir unter Verwaltung die Liste der Dienste anschaue.

Bevor ich die Probleme mit diesem Live Security Platinum hatte, hat Windows Update ohne Probleme funktioniert.

Kannst Du mir hierbei helfen?

Schöne Grüße
Laney