
Pests of all kinds and how to fight them: Remove TR/Dropper.Gen from my (external) hard drives on Windows 7?


03.10.2011, 17:12   #1
gkortenhaus

Dear Trojaner-Board members,
I too have a problem similar to Panda Bär's
http://www.trojaner-board.de/103534-...entfernen.html
I probably even have the same trojan, since shortly beforehand we exchanged data via USB sticks and external hard drives.
On my machine, too, some of the folders are displayed as shortcuts, both on my own hard drive and on the external hard drive, my iPod and the SD card from my digital camera.
I have already run the scans recommended in the other forum.
The logs are:

Malwarebytes:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7850

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.10.2011 22:50:00
mbam-log-2011-10-02 (22-49-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 429026
Laufzeit: 57 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 25
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 19
Infizierte Dateien: 29

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790776B376595635A193 (Malware.Trace) -> Value: SRS_IT_E8790776B376595635A193 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> No action taken.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> No action taken.
c:\Users\Gustav\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0 (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> No action taken.

Infizierte Dateien:
c:\program files (x86)\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\Pltfrm.dll (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\shopperreports.dll (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> No action taken.
c:\Users\Gustav\AppData\Roaming\Pzwewt.exe (Backdoor.WimNort.Gen) -> No action taken.
c:\Users\Gustav\downloads\Internet\xvidsetup.exe (Adware.Hotbar) -> No action taken.
e:\RECYCLER\b845ef76.exe (Backdoor.WimNort.Gen) -> No action taken.
f:\RECYCLER\b845ef76.exe (Backdoor.WimNort.Gen) -> No action taken.
i:\RECYCLER\b845ef76.exe (Backdoor.WimNort.Gen) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> No action taken.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> No action taken.
c:\program files (x86)\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> No action taken.


Eset:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=57fc91a18feb98459bcae2b911d49758
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-03 07:05:40
# local_time=2011-10-03 01:05:40 (-0600, Mittelamerikanische Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 69163554 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=238757
# found=7
# cleaned=0
# scan_time=5436
E:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Abipräsentation.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Daemon Tools.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Fotos.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Musik.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Spiele.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I


OTL:
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,69% Memory free
7,93 Gb Paging File | 6,69 Gb Available in Paging File | 84,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 170,84 Gb Free Space | 59,94% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 276,95 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
Drive F: | 3,68 Gb Total Space | 3,68 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Drive I: | 74,31 Gb Total Space | 41,77 Gb Free Space | 56,21% Space Free | Partition Type: FAT32

Computer Name: GUSTAV-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.03 08:28:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Gustav\Downloads\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.02.14 19:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.04.15 02:17:14 | 000,427,328 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2010.04.15 02:16:48 | 000,288,064 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.04.02 02:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.02.09 12:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.29 17:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.12.14 02:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.09.24 06:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.01.16 01:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011.02.14 19:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.02.14 19:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.17 06:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.12.14 02:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Win32 Services (SafeList) ==========



and then also
OTL Extras logfile created on: 03.10.2011 08:30:57 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Gustav\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,69% Memory free
7,93 Gb Paging File | 6,69 Gb Available in Paging File | 84,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 170,84 Gb Free Space | 59,94% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 276,95 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
Drive F: | 3,68 Gb Total Space | 3,68 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Drive I: | 74,31 Gb Total Space | 41,77 Gb Free Space | 56,21% Space Free | Partition Type: FAT32

Computer Name: GUSTAV-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*




After that I ran the OTL fix given there:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Dvgugx not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17fe463e-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17fe463e-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17fe463e-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17fe463e-51a0-11e0-9b2c-0019db06db58}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17fe464d-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17fe464d-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17fe464d-51a0-11e0-9b2c-0019db06db58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17fe464d-51a0-11e0-9b2c-0019db06db58}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{271cc1bb-7b1b-11e0-be9e-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{271cc1bb-7b1b-11e0-be9e-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{271cc1bb-7b1b-11e0-be9e-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{271cc1bb-7b1b-11e0-be9e-001617544ae9}\ not found.
File M:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49cdee29-0931-11d6-8065-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49cdee29-0931-11d6-8065-00038a000015}\ not found.
File D:\programs\nu2menu\nu2menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72fc8003-c7e6-11df-98b1-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72fc8003-c7e6-11df-98b1-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72fc8003-c7e6-11df-98b1-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72fc8003-c7e6-11df-98b1-001617544ae9}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7be823f6-c4e0-11e0-bc8b-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7be823f6-c4e0-11e0-bc8b-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7be823f6-c4e0-11e0-bc8b-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7be823f6-c4e0-11e0-bc8b-001617544ae9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e02ede-734e-11e0-bef7-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e02ede-734e-11e0-bef7-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e02ede-734e-11e0-bef7-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e02ede-734e-11e0-bef7-001617544ae9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3d61049-c1ea-11e0-b9ff-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3d61049-c1ea-11e0-b9ff-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3d61049-c1ea-11e0-b9ff-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3d61049-c1ea-11e0-b9ff-001617544ae9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed803c49-5be1-11e0-9e7e-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed803c49-5be1-11e0-9e7e-001617544ae9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed803c49-5be1-11e0-9e7e-001617544ae9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed803c49-5be1-11e0-9e7e-001617544ae9}\ not found.
File D:\automenu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
File M:\AutoRun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Dvgugx\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: Gustav
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120103757 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95016060 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 205,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10032011_085658

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



I also ran the Kaspersky tool, but for me it had a different format than the one described, and I was not able to view a log either.
Before using ComboFix I wanted to ask again whether I can follow the same procedure as Panda Bär, even though I have a different operating system (Windows 7).
Many thanks in advance
Best regards from Costa Rica
Gustav

Edited by gkortenhaus (03.10.2011 at 17:46)

04.10.2011, 16:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
-> No action taken.
The findings must be removed with Malwarebytes! Please do that now if you have not done so yet!

Quote:
After that I ran the OTL fix given there:
Fix scripts, no matter for which tool, are intended only for one specific computer in its current situation! You cannot simply run someone else's fix script on your computer; in many cases it has no effect, and if you are unlucky you wreck your system with it! So do not do things on your own with tools you have not mastered.
05.10.2011, 00:06   #3
gkortenhaus

Sorry that I messed up like that ... I hope it wasn't too bad.
I ran the malware scan again. This time it found only 3 things, which I then removed.

Objects scanned: 388839
Time elapsed: 55 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks again

05.10.2011, 01:56   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run ESET as well, then we will see what comes next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


05.10.2011, 04:39   #5
gkortenhaus

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=57fc91a18feb98459bcae2b911d49758
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-03 07:05:40
# local_time=2011-10-03 01:05:40 (-0600, Mittelamerikanische Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 69163554 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=238757
# found=7
# cleaned=0
# scan_time=5436
E:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Abipräsentation.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Daemon Tools.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Fotos.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Musik.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Spiele.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=57fc91a18feb98459bcae2b911d49758
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-05 03:16:12
# local_time=2011-10-04 09:16:12 (-0600, Mittelamerikanische Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 69320155 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=254512
# found=0
# cleaned=0
# scan_time=7867


05.10.2011, 15:07   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You posted the first OTL log incompletely; please post it in full.

05.10.2011, 21:37   #7
gkortenhaus

OTL Logfile:
Code:
OTL logfile created on: 03.10.2011 08:30:56 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Gustav\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,69% Memory free
7,93 Gb Paging File | 6,69 Gb Available in Paging File | 84,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 170,84 Gb Free Space | 59,94% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 276,95 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
Drive F: | 3,68 Gb Total Space | 3,68 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Drive I: | 74,31 Gb Total Space | 41,77 Gb Free Space | 56,21% Space Free | Partition Type: FAT32
 
Computer Name: GUSTAV-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.03 08:28:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Gustav\Downloads\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.02.14 19:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.04.15 02:17:14 | 000,427,328 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2010.04.15 02:16:48 | 000,288,064 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.04.02 02:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.02.09 12:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.29 17:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.12.14 02:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.09.24 06:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.01.16 01:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.02.14 19:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.02.14 19:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.17 06:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.12.14 02:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.03.18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.26 11:57:52 | 000,841,248 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.29 17:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.16 01:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.20 13:50:42 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.09.28 08:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.04.28 00:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.28 00:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.11.13 03:47:00 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.09.17 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.14 22:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.21 03:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.08.10 22:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.23 21:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.18 06:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.25 21:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360111x406l0493z145i58m1u82o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360111x406l0493z145i58m1u82o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360111x406l0493z145i58m1u82o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360111x406l0493z145i58m1u82o
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.14 12:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.14 12:02:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.30 13:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.22 10:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.27 16:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.05.01 07:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.30 13:11:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 02:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 02:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 02:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 02:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 02:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKCU..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 196.40.31.66 196.40.31.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98FB3341-ACFE-43A6-B142-AA638530E6E5}: DhcpNameServer = 196.40.31.66 196.40.31.67
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.02 23:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.10.02 22:49:54 | 000,000,000 | ---D | C] -- C:\Logs
[2011.10.02 22:49:54 | 000,000,000 | ---D | C] -- \Logs
[2011.10.02 21:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.02 21:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.02 21:40:56 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.02 21:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.02 21:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.10.02 21:10:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2011.10.02 21:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.10.02 21:09:23 | 000,000,000 | -HSD | C] -- C:\Users\admin\Vorlagen
[2011.10.02 21:09:23 | 000,000,000 | -HSD | C] -- C:\Users\admin\Startmenü
[2011.10.02 21:09:23 | 000,000,000 | -HSD | C] -- C:\Users\admin\SendTo
[2011.10.02 21:09:23 | 000,000,000 | -HSD | C] -- C:\Users\admin\Recent
[2011.10.02 21:09:23 | 000,000,000 | -HSD | C] -- C:\Users\admin\Netzwerkumgebung
[2011.10.02 21:09:23 | 000,000,000 | -HSD | C] -- C:\Users\admin\Lokale Einstellungen
[2011.10.02 21:09:23 | 000,000,000 | -HSD | C] -- C:\Users\admin\Eigene Dateien
[2011.10.02 21:09:23 | 000,000,000 | -HSD | C] -- C:\Users\admin\Druckumgebung
[2011.10.02 21:09:23 | 000,000,000 | -HSD | C] -- C:\Users\admin\Cookies
[2011.10.02 21:09:23 | 000,000,000 | -HSD | C] -- C:\Users\admin\Anwendungsdaten
[2011.10.02 21:09:22 | 000,000,000 | R--D | C] -- C:\Users\admin\Videos
[2011.10.02 21:09:22 | 000,000,000 | R--D | C] -- C:\Users\admin\Pictures
[2011.10.02 21:09:22 | 000,000,000 | R--D | C] -- C:\Users\admin\Music
[2011.10.02 21:09:22 | 000,000,000 | R--D | C] -- C:\Users\admin\Links
[2011.10.02 21:09:22 | 000,000,000 | R--D | C] -- C:\Users\admin\Favorites
[2011.10.02 21:09:22 | 000,000,000 | R--D | C] -- C:\Users\admin\Downloads
[2011.10.02 21:09:22 | 000,000,000 | R--D | C] -- C:\Users\admin\Documents
[2011.10.02 21:09:22 | 000,000,000 | R--D | C] -- C:\Users\admin\Desktop
[2011.10.02 21:09:22 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData
[2011.10.02 21:09:22 | 000,000,000 | ---D | C] -- C:\Users\admin\Saved Games
[2011.09.28 16:40:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.09.28 16:40:56 | 000,000,000 | -HSD | C] -- \Config.Msi
[2011.09.26 21:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.09.20 15:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011.09.20 15:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011.09.20 13:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011.09.20 13:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2011.09.20 13:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2011.09.20 13:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.09.20 13:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.09.18 21:10:33 | 000,000,000 | ---D | C] -- C:\e688f1053dc73282b7628f1b74379d
[2011.09.18 21:10:33 | 000,000,000 | ---D | C] -- \e688f1053dc73282b7628f1b74379d
[2011.09.18 16:11:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011.09.18 16:10:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011.09.04 07:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2011.09.04 07:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.03 08:31:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.03 08:31:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.03 08:24:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.03 08:23:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.03 08:23:43 | 3193,643,008 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.03 01:09:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.02 21:50:57 | 001,646,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.02 21:50:57 | 000,711,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.02 21:50:57 | 000,662,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.02 21:50:57 | 000,153,766 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.02 21:50:57 | 000,124,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.01 22:46:02 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.09.29 17:15:39 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI
[2011.09.21 15:52:31 | 000,414,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.09.20 15:25:03 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2011.09.20 13:50:42 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.02 21:10:07 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.10.02 21:10:07 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011.10.02 21:10:07 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011.10.02 21:10:06 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011.09.20 15:22:09 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.09.12 06:26:42 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.08.11 15:22:16 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.11 15:22:16 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.04.09 10:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.14 07:18:35 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.03.14 07:18:35 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.04 12:44:29 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.01.20 12:35:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.08 11:33:16 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.08 11:16:05 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2010.10.08 11:16:05 | 000,206,072 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.10.08 11:16:05 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.10.08 11:16:05 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.10.08 10:56:14 | 3193,643,008 | -HS- | C] () -- \hiberfil.sys
[2010.04.08 09:15:03 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2010.04.08 08:53:55 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002.07.31 12:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.09.15 18:08:26 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.02 21:41:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2009.07.14 01:44:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs
[2011.10.02 23:04:46 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft
[2011.10.02 23:01:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mozilla
[2011.10.02 21:10:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Simply Super Software
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 07:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 00:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 00:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 00:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 00:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 00:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 00:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 07:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 06:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 00:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 00:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 00:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 00:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 00:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 00:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 07:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 06:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 07:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 06:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.13 19:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.13 19:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.13 19:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.13 19:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 07:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.13 18:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.13 18:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---


Thanks

05.10.2011, 22:01   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.




If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

05.10.2011, 22:22   #9
gkortenhaus



15:14:57.0486 1752 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
15:14:58.0270 1752 ============================================================
15:14:58.0270 1752 Current date / time: 2011/10/05 15:14:58.0270
15:14:58.0270 1752 SystemInfo:
15:14:58.0270 1752
15:14:58.0270 1752 OS Version: 6.1.7600 ServicePack: 0.0
15:14:58.0270 1752 Product type: Workstation
15:14:58.0270 1752 ComputerName: GUSTAV-PC
15:14:58.0270 1752 UserName: admin
15:14:58.0270 1752 Windows directory: C:\Windows
15:14:58.0270 1752 System windows directory: C:\Windows
15:14:58.0270 1752 Running under WOW64
15:14:58.0270 1752 Processor architecture: Intel x64
15:14:58.0270 1752 Number of processors: 2
15:14:58.0270 1752 Page size: 0x1000
15:14:58.0270 1752 Boot type: Normal boot
15:14:58.0270 1752 ============================================================
15:14:58.0613 1752 Initialize success
15:18:40.0805 0496 ============================================================
15:18:40.0805 0496 Scan started
15:18:40.0805 0496 Mode: Manual; SigCheck; TDLFS;
15:18:40.0805 0496 ============================================================
15:19:11.0868 0496 ============================================================
15:19:11.0868 0496 Scan finished
15:19:11.0868 0496 ============================================================
15:19:11.0885 2388 Detected object count: 0
15:19:11.0885 2388 Actual detected object count: 0

Alt 06.10.2011, 12:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 06.10.2011, 16:38   #11
gkortenhaus
 
Combofix Logfile:
Code:
ComboFix 11-10-06.03 - admin 06.10.2011   9:15.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4061.2809 [GMT -6:00]
ausgeführt von:: c:\users\Gustav\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-06 bis 2011-10-06  ))))))))))))))))))))))))))))))
.
.
2011-10-06 15:25 . 2011-10-06 15:25	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC2C3BEF-24BA-4A15-A2DA-DEA494B43683}\offreg.dll
2011-10-06 15:21 . 2011-10-06 15:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-04 22:01 . 2011-09-13 00:26	9049936	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC2C3BEF-24BA-4A15-A2DA-DEA494B43683}\mpengine.dll
2011-10-03 14:56 . 2011-10-03 14:56	--------	d-----w-	C:\_OTL
2011-10-03 05:05 . 2011-10-03 05:05	--------	d-----w-	c:\program files (x86)\ESET
2011-10-03 04:57 . 2011-10-03 04:57	--------	d-----w-	c:\users\Gustav\AppData\Roaming\Malwarebytes
2011-10-03 04:49 . 2011-10-04 23:02	--------	d-----w-	C:\Logs
2011-10-03 03:40 . 2011-10-03 03:40	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-03 03:40 . 2011-10-03 03:41	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-03 03:40 . 2011-08-31 23:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-03 03:10 . 2006-06-19 19:01	69632	----a-w-	c:\windows\SysWow64\ztvcabinet.dll
2011-10-03 03:10 . 2006-05-25 21:52	162304	----a-w-	c:\windows\SysWow64\ztvunrar36.dll
2011-10-03 03:10 . 2005-08-26 07:50	77312	----a-w-	c:\windows\SysWow64\ztvunace26.dll
2011-10-03 03:10 . 2002-03-06 07:00	75264	----a-w-	c:\windows\SysWow64\unacev2.dll
2011-10-03 03:10 . 2011-10-03 04:55	--------	d-----w-	c:\program files (x86)\Trojan Remover
2011-10-03 03:10 . 2011-10-03 03:10	--------	d-----w-	c:\programdata\Simply Super Software
2011-10-03 03:10 . 2003-02-03 02:06	153088	----a-w-	c:\windows\SysWow64\UNRAR3.dll
2011-10-03 03:09 . 2011-10-03 03:09	--------	d-----w-	c:\users\admin
2011-09-27 03:58 . 2011-09-27 03:58	--------	d-----w-	c:\program files (x86)\Apple Software Update
2011-09-20 21:22 . 2011-09-20 21:22	--------	d-----w-	c:\program files (x86)\Microsoft Games
2011-09-20 19:50 . 2011-09-20 19:50	--------	d-----w-	c:\program files (x86)\DAEMON Tools Pro
2011-09-20 19:49 . 2011-09-20 21:20	--------	d-----w-	c:\users\Gustav\AppData\Roaming\DAEMON Tools Pro
2011-09-20 19:49 . 2011-09-20 19:49	--------	d-----w-	c:\programdata\DAEMON Tools Pro
2011-09-20 19:35 . 2011-09-20 19:35	--------	d-----w-	c:\program files (x86)\7-Zip
2011-09-19 03:10 . 2011-09-19 03:10	--------	d-----w-	C:\e688f1053dc73282b7628f1b74379d
2011-09-18 22:11 . 2011-09-18 22:11	--------	d-----w-	c:\windows\SysWow64\Wat
2011-09-18 22:10 . 2011-09-18 22:11	--------	d-----w-	c:\windows\system32\Wat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 03:53 . 2011-02-04 18:44	952	--sha-w-	c:\programdata\KGyGaAvL.sys
2011-07-22 05:35 . 2011-08-11 09:30	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-11 09:30	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-11 09:31	362496	----a-w-	c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-11 09:31	243200	----a-w-	c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-11 09:31	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-11 09:31	214528	----a-w-	c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-11 09:31	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-11 09:31	422400	----a-w-	c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-11 09:31	338432	----a-w-	c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-11 09:31	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-11 09:31	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-11 09:31	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-11 09:31	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-11 09:31	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-11 09:31	272384	----a-w-	c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-11 09:31	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-11 09:31	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-11 09:31	2048	----a-w-	c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-11 09:31	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 09:31	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 09:31	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 09:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14 . 2011-08-24 08:45	2048	----a-w-	c:\windows\system32\tzres.dll
2011-07-09 04:30 . 2011-08-24 08:45	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-07-09 02:44 . 2011-08-11 09:33	287744	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-08 39408]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2010-07-05 1167296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-4-8 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 135664]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-16 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-26 841248]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-16 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 18:36]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 18:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-26 818720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-14 206072]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360111x406l0493z145i58m1u82o
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5635zg&r=27360111x406l0493z145i58m1u82o
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Gustav\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 196.40.31.66 196.40.31.67
FF - ProfilePath - c:\users\Gustav\AppData\Roaming\Mozilla\Firefox\Profiles\fi6u7yk3.default\
FF - prefs.js: browser.startup.homepage - www.spiegel.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Pzwewt - c:\users\Gustav\AppData\Roaming\Pzwewt.exe
SafeBoot-58281137.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-06  09:36:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-10-06 15:36
.
Vor Suchlauf: 15 Verzeichnis(se), 174.931.763.200 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 177.639.702.528 Bytes frei
.
- - End Of File - - D2878005106E1D06CB014FB62DB8742E
         

Alt 07.10.2011, 14:49   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (Vista and Win7 users: right-click and choose "Run as administrator").
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Please post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Alt 07.10.2011, 15:25   #13
gkortenhaus
 
Great that this goes so quickly

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-07 08:12:38
-----------------------------
08:12:38.909 OS Version: Windows x64 6.1.7600
08:12:38.910 Number of processors: 2 586 0x170A
08:12:38.911 ComputerName: GUSTAV-PC UserName: admin
08:13:08.884 Initialize success
08:21:08.322 AVAST engine defs: 11100700
08:21:15.462 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:21:15.464 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
08:21:15.482 Disk 0 MBR read successfully
08:21:15.485 Disk 0 MBR scan
08:21:15.488 Disk 0 Windows 7 default MBR code
08:21:15.492 Service scanning
08:21:16.640 Modules scanning
08:21:16.643 Disk 0 trace - called modules:
08:21:16.681 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
08:21:16.685 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005798060]
08:21:16.689 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8003cf3e40]
08:21:16.693 5 ACPI.sys[fffff88000ed8781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046a4050]
08:21:18.012 AVAST engine scan C:\Windows
08:21:21.224 AVAST engine scan C:\Windows\system32
08:22:40.546 AVAST engine scan C:\Windows\system32\drivers
08:22:48.157 AVAST engine scan C:\Users\admin
08:22:54.590 AVAST engine scan C:\ProgramData
08:23:48.889 Scan finished successfully
08:24:19.287 Disk 0 MBR has been saved successfully to "C:\Logs\MBR.dat"
08:24:19.293 The log file has been saved successfully to "C:\Logs\aswMBR.txt"

Alt 07.10.2011, 16:14   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Getting an additional opinion from ESET's online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 08.10.2011, 21:09   #15
gkortenhaus
 
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7896

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.10.2011 20:31:42
mbam-log-2011-10-07 (20-31-42).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|I:\|)
Objects scanned: 395025
Time elapsed: 45 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/08/2011 at 10:57 AM

Application Version : 5.0.1128

Core Rules Database Version : 7773
Trace Rules Database Version: 5585

Scan type : Complete Scan
Total Scan Time : 01:48:58

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 539
Memory threats detected : 0
Registry items scanned : 71497
Registry threats detected : 0
File items scanned : 184937
File threats detected : 374

Adware.Tracking Cookie
C:\USERS\GUSTAV\AppData\Roaming\Microsoft\Windows\Cookies\Low\gustav@zedo[2].txt [ Cookie:gustav@zedo.com/ ]
C:\USERS\GUSTAV\AppData\Roaming\Microsoft\Windows\Cookies\Low\gustav@www.active-tracking[1].txt [ Cookie:gustav@www.active-tracking.de/ ]
C:\USERS\GUSTAV\AppData\Roaming\Microsoft\Windows\Cookies\Low\PG2Z9AH2.txt [ Cookie:gustav@exoclick.com/ ]
C:\USERS\GUSTAV\Cookies\gustav@cts.metricsdirect[1].txt [ Cookie:gustav@cts.metricsdirect.com/ ]
C:\USERS\GUSTAV\Cookies\gustav@atdmt[2].txt [ Cookie:gustav@atdmt.com/ ]
C:\USERS\GUSTAV\Cookies\gustav@content.licenseacquisition[1].txt [ Cookie:gustav@content.licenseacquisition.org/ ]
C:\USERS\GUSTAV\Cookies\gustav@media.licenseacquisition[1].txt [ Cookie:gustav@media.licenseacquisition.org/ ]
delivery.ibanner.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WPFZY6UA ]
ia.media-imdb.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WPFZY6UA ]
imagesrv.adition.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WPFZY6UA ]
media.mtvnservices.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WPFZY6UA ]
s0.2mdn.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WPFZY6UA ]
secure-us.imrworldwide.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WPFZY6UA ]
www.adservercentral.info [ C:\USERS\GUSTAV\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WPFZY6UA ]
www.sexkiste.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WPFZY6UA ]
C:\USERS\GUSTAV\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GUSTAV@NAKED[1].TXT [ /NAKED ]
C:\USERS\GUSTAV\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GUSTAV@PORNOGRAFISH[1].TXT [ /PORNOGRAFISH ]
C:\USERS\GUSTAV\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GUSTAV@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
C:\USERS\GUSTAV\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GUSTAV@ADS.TRAFFIKINGS[1].TXT [ /ADS.TRAFFIKINGS ]
C:\USERS\GUSTAV\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GUSTAV@WWW.SEXKISTE[2].TXT [ /WWW.SEXKISTE ]
C:\USERS\GUSTAV\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GUSTAV@TTO2.TRAFFICTRACK[2].TXT [ /TTO2.TRAFFICTRACK ]
C:\USERS\GUSTAV\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GUSTAV@STATCOUNTER[2].TXT [ /STATCOUNTER ]
.eyewonder.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.kaspersky.122.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.game-advertising-online.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
stat.aldi.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
stat.aldi.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
rgadvert.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
adserver2.clipkit.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.sevenoneintermedia.112.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
tracking.gameforge.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
1.bfugmedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.divx.112.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.eaeacom.112.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
tracking.bmbfcluster.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ads3.net2day.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.guj.122.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
nedstat.hostelbookers.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
nedstat.hostelbookers.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.partnersearchmetrics.sbx1.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.microsoftwindows.112.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.secmedia.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
s03.flagcounter.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.estat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
gsadserver.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
www.layermedia-adserver.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.msnportal.112.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
keyword-advertising.web.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
stat.onestat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
stat.onestat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.revenue.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ads.247activemedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
adsrv1.admediate.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.velmedia.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.snapfish.112.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ads20.wwe-media.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.autoscout24.112.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.stepstone.112.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.viator.122.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.checkstat.nl [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
fl01.ct2.comclick.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.ad.velmedia.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.ad.velmedia.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
adservercentral.info [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adserve.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ads.rokatraffic.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.edsa.122.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adcentriconline.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.xm.xtendmedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.de.partypoker.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.de.partypoker.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.de.partypoker.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.countomat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
adserv.chirurgie-portal.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.a.revenuemax.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adserver.gs [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.partypoker.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.azjmp.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.friendfinder.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
media.gan-online.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
track.effiliation.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.azjmp.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.azjmp.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.webresint.122.2o7.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ads6.hermoment.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
zbox.zanox.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
adserver1.mokono.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
tracking.dc-storm.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.generaltracking.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
cn.clickable.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
www.pfadfinder-treffpunkt.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
www.pfadfinder-treffpunkt.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
www.pfadfinder-treffpunkt.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
auslieferung.commindo-media-ressourcen.de [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GUSTAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI6U7YK3.DEFAULT\COOKIES.SQLITE ]

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=57fc91a18feb98459bcae2b911d49758
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-03 07:05:40
# local_time=2011-10-03 01:05:40 (-0600, Mittelamerikanische Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 69163554 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=238757
# found=7
# cleaned=0
# scan_time=5436
E:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Abipräsentation.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Daemon Tools.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Filme.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Fotos.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Musik.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
E:\Spiele.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=57fc91a18feb98459bcae2b911d49758
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-05 03:16:12
# local_time=2011-10-04 09:16:12 (-0600, Mittelamerikanische Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 69320155 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=254512
# found=0
# cleaned=0
# scan_time=7867
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=36882
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=57fc91a18feb98459bcae2b911d49758
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-08 07:41:48
# local_time=2011-10-08 01:41:48 (-0600, Mittelamerikanische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776573 100 94 0 69641038 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=202758
# found=0
# cleaned=0
# scan_time=5321
