| |
| |||||||
Log-Analyse und Auswertung: BKA Trojaner - UKash AufforderungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
26.12.2011, 10:26
| #16 |
 |  BKA Trojaner - UKash Aufforderung Moin, Arne ! Code:
ATTFilter 10:20:37.0702 5868 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
10:20:37.0999 5868 ============================================================
10:20:37.0999 5868 Current date / time: 2011/12/26 10:20:37.0999
10:20:37.0999 5868 SystemInfo:
10:20:37.0999 5868
10:20:37.0999 5868 OS Version: 6.0.6002 ServicePack: 2.0
10:20:37.0999 5868 Product type: Workstation
10:20:37.0999 5868 ComputerName: MICHAEL-PC
10:20:37.0999 5868 UserName: Michael
10:20:37.0999 5868 Windows directory: C:\Windows
10:20:37.0999 5868 System windows directory: C:\Windows
10:20:37.0999 5868 Processor architecture: Intel x86
10:20:37.0999 5868 Number of processors: 4
10:20:37.0999 5868 Page size: 0x1000
10:20:37.0999 5868 Boot type: Normal boot
10:20:37.0999 5868 ============================================================
10:20:39.0715 5868 Initialize success
10:22:21.0038 4408 ============================================================
10:22:21.0038 4408 Scan started
10:22:21.0038 4408 Mode: Manual; SigCheck; TDLFS;
10:22:21.0038 4408 ============================================================
10:22:21.0256 4408 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
10:22:21.0350 4408 a2acc - ok
10:22:21.0381 4408 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
10:22:21.0397 4408 A2DDA - ok
10:22:21.0412 4408 a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
10:22:21.0428 4408 a2injectiondriver - ok
10:22:21.0459 4408 a2util (2da26eb05b5495d3b2ee36456c239fb7) C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
10:22:21.0475 4408 a2util - ok
10:22:21.0537 4408 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
10:22:21.0537 4408 acedrv11 - ok
10:22:21.0599 4408 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:22:21.0615 4408 ACPI - ok
10:22:21.0693 4408 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:22:21.0709 4408 adp94xx - ok
10:22:21.0802 4408 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:22:21.0818 4408 adpahci - ok
10:22:21.0880 4408 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:22:21.0896 4408 adpu160m - ok
10:22:21.0927 4408 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:22:21.0943 4408 adpu320 - ok
10:22:21.0974 4408 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:22:22.0021 4408 AFD - ok
10:22:22.0099 4408 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:22:22.0130 4408 agp440 - ok
10:22:22.0161 4408 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:22:22.0161 4408 aic78xx - ok
10:22:22.0192 4408 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:22:22.0208 4408 aliide - ok
10:22:22.0223 4408 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:22:22.0239 4408 amdagp - ok
10:22:22.0255 4408 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:22:22.0270 4408 amdide - ok
10:22:22.0333 4408 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:22:22.0426 4408 AmdK7 - ok
10:22:22.0504 4408 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:22:22.0551 4408 AmdK8 - ok
10:22:22.0629 4408 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:22:22.0629 4408 arc - ok
10:22:22.0691 4408 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:22:22.0707 4408 arcsas - ok
10:22:22.0723 4408 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:22:22.0769 4408 AsyncMac - ok
10:22:22.0801 4408 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
10:22:22.0816 4408 atapi - ok
10:22:22.0879 4408 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:22:22.0925 4408 Beep - ok
10:22:22.0957 4408 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:22:23.0003 4408 blbdrive - ok
10:22:23.0081 4408 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:22:23.0113 4408 bowser - ok
10:22:23.0144 4408 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:22:23.0159 4408 BrFiltLo - ok
10:22:23.0222 4408 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:22:23.0253 4408 BrFiltUp - ok
10:22:23.0284 4408 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:22:23.0393 4408 Brserid - ok
10:22:23.0487 4408 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:22:23.0549 4408 BrSerWdm - ok
10:22:23.0581 4408 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:22:23.0643 4408 BrUsbMdm - ok
10:22:23.0659 4408 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:22:23.0690 4408 BrUsbSer - ok
10:22:23.0768 4408 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:22:23.0799 4408 BTHMODEM - ok
10:22:23.0830 4408 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:22:23.0861 4408 cdfs - ok
10:22:23.0877 4408 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:22:23.0908 4408 cdrom - ok
10:22:23.0986 4408 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:22:24.0002 4408 circlass - ok
10:22:24.0033 4408 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:22:24.0049 4408 CLFS - ok
10:22:24.0127 4408 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:22:24.0142 4408 cmdide - ok
10:22:24.0220 4408 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
10:22:24.0236 4408 Compbatt - ok
10:22:24.0283 4408 cpuz130 - ok
10:22:24.0329 4408 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:22:24.0345 4408 crcdisk - ok
10:22:24.0361 4408 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:22:24.0392 4408 Crusoe - ok
10:22:24.0485 4408 DefragFS (65c7122d1115a4e1db3e8c11df919a40) C:\Windows\system32\drivers\DefragFS.sys
10:22:24.0501 4408 DefragFS - ok
10:22:24.0517 4408 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:22:24.0548 4408 DfsC - ok
10:22:24.0641 4408 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:22:24.0657 4408 disk - ok
10:22:24.0719 4408 drhard (0071f8825d14b16955cd0a0699ab7a6c) C:\Windows\system32\drivers\drhard.sys
10:22:24.0751 4408 drhard ( UnsignedFile.Multi.Generic ) - warning
10:22:24.0751 4408 drhard - detected UnsignedFile.Multi.Generic (1)
10:22:24.0829 4408 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:22:24.0875 4408 drmkaud - ok
10:22:24.0938 4408 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:22:25.0016 4408 DXGKrnl - ok
10:22:25.0109 4408 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
10:22:25.0125 4408 e1express - ok
10:22:25.0172 4408 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:22:25.0203 4408 E1G60 - ok
10:22:25.0312 4408 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:22:25.0312 4408 Ecache - ok
10:22:25.0375 4408 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\elrawdsk.sys
10:22:25.0390 4408 ElRawDisk - ok
10:22:25.0453 4408 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:22:25.0468 4408 elxstor - ok
10:22:25.0562 4408 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
10:22:25.0577 4408 ENTECH - ok
10:22:25.0624 4408 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
10:22:25.0655 4408 ErrDev - ok
10:22:25.0733 4408 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:22:25.0765 4408 exfat - ok
10:22:25.0874 4408 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:22:25.0889 4408 fastfat - ok
10:22:25.0952 4408 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:22:25.0983 4408 fdc - ok
10:22:26.0030 4408 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:22:26.0030 4408 FileInfo - ok
10:22:26.0045 4408 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:22:26.0077 4408 Filetrace - ok
10:22:26.0139 4408 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:22:26.0170 4408 flpydisk - ok
10:22:26.0248 4408 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:22:26.0248 4408 FltMgr - ok
10:22:26.0357 4408 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
10:22:26.0373 4408 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
10:22:26.0373 4408 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
10:22:26.0420 4408 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:22:26.0451 4408 Fs_Rec - ok
10:22:26.0545 4408 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:22:26.0560 4408 gagp30kx - ok
10:22:26.0607 4408 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\drivers\GEARAspiWDM.sys
10:22:26.0623 4408 GearAspiWDM - ok
10:22:26.0732 4408 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:22:26.0794 4408 HdAudAddService - ok
10:22:26.0888 4408 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:22:26.0966 4408 HDAudBus - ok
10:22:27.0044 4408 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:22:27.0091 4408 HidBth - ok
10:22:27.0153 4408 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:22:27.0184 4408 HidIr - ok
10:22:27.0262 4408 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:22:27.0293 4408 HidUsb - ok
10:22:27.0309 4408 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:22:27.0325 4408 HpCISSs - ok
10:22:27.0356 4408 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:22:27.0403 4408 HTTP - ok
10:22:27.0434 4408 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:22:27.0434 4408 i2omp - ok
10:22:27.0496 4408 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:22:27.0512 4408 i8042prt - ok
10:22:27.0574 4408 iaStor (28aae599496b4930b3f19026f2083bc4) C:\Windows\system32\DRIVERS\iaStor.sys
10:22:27.0590 4408 iaStor - ok
10:22:27.0621 4408 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:22:27.0637 4408 iaStorV - ok
10:22:27.0699 4408 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:22:27.0699 4408 iirsp - ok
10:22:27.0777 4408 IntcAzAudAddService (2790cc09422b6bedae9825ae289e9bb7) C:\Windows\system32\drivers\RTKVHDA.sys
10:22:27.0839 4408 IntcAzAudAddService - ok
10:22:27.0902 4408 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:22:27.0902 4408 intelide - ok
10:22:27.0933 4408 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:22:27.0980 4408 intelppm - ok
10:22:27.0995 4408 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:22:28.0027 4408 IpFilterDriver - ok
10:22:28.0042 4408 IpInIp - ok
10:22:28.0089 4408 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:22:28.0120 4408 IPMIDRV - ok
10:22:28.0151 4408 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:22:28.0167 4408 IPNAT - ok
10:22:28.0245 4408 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:22:28.0276 4408 IRENUM - ok
10:22:28.0307 4408 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:22:28.0323 4408 isapnp - ok
10:22:28.0401 4408 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:22:28.0417 4408 iScsiPrt - ok
10:22:28.0448 4408 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:22:28.0448 4408 iteatapi - ok
10:22:28.0541 4408 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:22:28.0541 4408 iteraid - ok
10:22:28.0588 4408 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:22:28.0604 4408 kbdclass - ok
10:22:28.0619 4408 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
10:22:28.0651 4408 kbdhid - ok
10:22:28.0682 4408 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
10:22:28.0697 4408 KSecDD - ok
10:22:28.0760 4408 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:22:28.0791 4408 lltdio - ok
10:22:28.0853 4408 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:22:28.0869 4408 LSI_FC - ok
10:22:28.0916 4408 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:22:28.0931 4408 LSI_SAS - ok
10:22:28.0994 4408 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:22:29.0009 4408 LSI_SCSI - ok
10:22:29.0041 4408 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:22:29.0087 4408 luafv - ok
10:22:29.0134 4408 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:22:29.0134 4408 megasas - ok
10:22:29.0197 4408 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:22:29.0212 4408 MegaSR - ok
10:22:29.0228 4408 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:22:29.0259 4408 Modem - ok
10:22:29.0290 4408 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:22:29.0306 4408 monitor - ok
10:22:29.0353 4408 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:22:29.0368 4408 mouclass - ok
10:22:29.0399 4408 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:22:29.0431 4408 mouhid - ok
10:22:29.0462 4408 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:22:29.0477 4408 MountMgr - ok
10:22:29.0493 4408 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:22:29.0493 4408 mpio - ok
10:22:29.0509 4408 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:22:29.0540 4408 mpsdrv - ok
10:22:29.0602 4408 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:22:29.0602 4408 Mraid35x - ok
10:22:29.0680 4408 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:22:29.0711 4408 MRxDAV - ok
10:22:29.0805 4408 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:22:29.0867 4408 mrxsmb - ok
10:22:29.0914 4408 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:22:30.0008 4408 mrxsmb10 - ok
10:22:30.0070 4408 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:22:30.0101 4408 mrxsmb20 - ok
10:22:30.0148 4408 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
10:22:30.0164 4408 msahci - ok
10:22:30.0226 4408 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:22:30.0242 4408 msdsm - ok
10:22:30.0304 4408 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:22:30.0335 4408 Msfs - ok
10:22:30.0367 4408 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:22:30.0382 4408 msisadrv - ok
10:22:30.0398 4408 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:22:30.0429 4408 MSKSSRV - ok
10:22:30.0445 4408 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:22:30.0476 4408 MSPCLOCK - ok
10:22:30.0523 4408 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:22:30.0538 4408 MSPQM - ok
10:22:30.0585 4408 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:22:30.0601 4408 MsRPC - ok
10:22:30.0663 4408 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:22:30.0663 4408 mssmbios - ok
10:22:30.0757 4408 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:22:30.0788 4408 MSTEE - ok
10:22:30.0819 4408 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:22:30.0835 4408 Mup - ok
10:22:30.0866 4408 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:22:30.0881 4408 NativeWifiP - ok
10:22:30.0959 4408 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:22:30.0975 4408 NDIS - ok
10:22:30.0991 4408 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:22:31.0006 4408 NdisTapi - ok
10:22:31.0037 4408 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:22:31.0053 4408 Ndisuio - ok
10:22:31.0084 4408 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:22:31.0115 4408 NdisWan - ok
10:22:31.0147 4408 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:22:31.0162 4408 NDProxy - ok
10:22:31.0209 4408 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:22:31.0225 4408 NetBIOS - ok
10:22:31.0287 4408 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:22:31.0303 4408 netbt - ok
10:22:31.0412 4408 netr28u (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
10:22:31.0505 4408 netr28u - ok
10:22:31.0630 4408 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:22:31.0646 4408 nfrd960 - ok
10:22:31.0693 4408 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys
10:22:31.0755 4408 nmwcd - ok
10:22:31.0817 4408 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys
10:22:31.0849 4408 nmwcdc - ok
10:22:31.0864 4408 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:22:31.0880 4408 Npfs - ok
10:22:31.0911 4408 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:22:31.0958 4408 nsiproxy - ok
10:22:31.0989 4408 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:22:32.0129 4408 Ntfs - ok
10:22:32.0270 4408 ntk_PowerDVD (170ee229d4def31dbe95348c9a88fe74) C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys
10:22:32.0285 4408 ntk_PowerDVD - ok
10:22:32.0379 4408 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:22:32.0426 4408 ntrigdigi - ok
10:22:32.0473 4408 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:22:32.0504 4408 Null - ok
10:22:32.0785 4408 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:22:33.0190 4408 nvlddmkm - ok
10:22:33.0237 4408 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:22:33.0253 4408 nvraid - ok
10:22:33.0284 4408 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:22:33.0299 4408 nvstor - ok
10:22:33.0362 4408 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:22:33.0362 4408 nv_agp - ok
10:22:33.0377 4408 NwlnkFlt - ok
10:22:33.0377 4408 NwlnkFwd - ok
10:22:33.0424 4408 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:22:33.0440 4408 ohci1394 - ok
10:22:33.0518 4408 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:22:33.0565 4408 Parport - ok
10:22:33.0611 4408 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:22:33.0627 4408 partmgr - ok
10:22:33.0658 4408 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:22:33.0705 4408 Parvdm - ok
10:22:33.0783 4408 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
10:22:33.0830 4408 pccsmcfd - ok
10:22:33.0877 4408 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:22:33.0877 4408 pci - ok
10:22:33.0892 4408 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
10:22:33.0908 4408 pciide - ok
10:22:33.0923 4408 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:22:33.0923 4408 pcmcia - ok
10:22:34.0001 4408 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:22:34.0095 4408 PEAUTH - ok
10:22:34.0189 4408 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:22:34.0220 4408 PptpMiniport - ok
10:22:34.0251 4408 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:22:34.0282 4408 Processor - ok
10:22:34.0313 4408 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:22:34.0329 4408 PSched - ok
10:22:34.0469 4408 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:22:34.0532 4408 ql2300 - ok
10:22:34.0610 4408 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:22:34.0625 4408 ql40xx - ok
10:22:34.0688 4408 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:22:34.0719 4408 QWAVEdrv - ok
10:22:34.0813 4408 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:22:34.0828 4408 RasAcd - ok
10:22:34.0875 4408 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:22:34.0891 4408 Rasl2tp - ok
10:22:34.0922 4408 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:22:34.0984 4408 RasPppoe - ok
10:22:35.0015 4408 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:22:35.0031 4408 RasSstp - ok
10:22:35.0078 4408 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:22:35.0093 4408 rdbss - ok
10:22:35.0125 4408 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:22:35.0156 4408 RDPCDD - ok
10:22:35.0234 4408 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:22:35.0265 4408 rdpdr - ok
10:22:35.0343 4408 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:22:35.0374 4408 RDPENCDD - ok
10:22:35.0452 4408 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
10:22:35.0468 4408 RDPWD - ok
10:22:35.0530 4408 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:22:35.0546 4408 rspndr - ok
10:22:35.0608 4408 SANDRA (361094945053c2c04312ef2e5f14eeaf) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys
10:22:35.0624 4408 SANDRA - ok
10:22:35.0749 4408 SbieDrv (3ab6cad1ddfa84cd7bc3d1a759b1e81e) C:\Program Files\Sandboxie\SbieDrv.sys
10:22:35.0780 4408 SbieDrv - ok
10:22:35.0889 4408 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:22:35.0889 4408 sbp2port - ok
10:22:35.0936 4408 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:22:35.0983 4408 secdrv - ok
10:22:36.0029 4408 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
10:22:36.0061 4408 Serenum - ok
10:22:36.0139 4408 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
10:22:36.0201 4408 Serial - ok
10:22:36.0217 4408 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:22:36.0248 4408 sermouse - ok
10:22:36.0279 4408 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:22:36.0295 4408 sffdisk - ok
10:22:36.0310 4408 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:22:36.0341 4408 sffp_mmc - ok
10:22:36.0419 4408 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:22:36.0451 4408 sffp_sd - ok
10:22:36.0466 4408 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:22:36.0497 4408 sfloppy - ok
10:22:36.0529 4408 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:22:36.0544 4408 sisagp - ok
10:22:36.0607 4408 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:22:36.0622 4408 SiSRaid2 - ok
10:22:36.0669 4408 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:22:36.0669 4408 SiSRaid4 - ok
10:22:36.0731 4408 SLEE_15_DRIVER (40c0e715e1ebb2d1990c7d79cc0d79e3) C:\Windows\system32\drivers\Sleen15.sys
10:22:36.0747 4408 SLEE_15_DRIVER - ok
10:22:36.0778 4408 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:22:36.0794 4408 Smb - ok
10:22:36.0872 4408 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:22:36.0887 4408 spldr - ok
10:22:36.0934 4408 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:22:36.0997 4408 srv - ok
10:22:37.0075 4408 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:22:37.0121 4408 srv2 - ok
10:22:37.0168 4408 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:22:37.0199 4408 srvnet - ok
10:22:37.0231 4408 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
10:22:37.0262 4408 sscdbus - ok
10:22:37.0324 4408 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
10:22:37.0340 4408 sscdmdfl - ok
10:22:37.0371 4408 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
10:22:37.0371 4408 sscdmdm - ok
10:22:37.0465 4408 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:22:37.0480 4408 swenum - ok
10:22:37.0496 4408 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:22:37.0511 4408 Symc8xx - ok
10:22:37.0527 4408 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:22:37.0527 4408 Sym_hi - ok
10:22:37.0543 4408 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:22:37.0558 4408 Sym_u3 - ok
10:22:37.0621 4408 tap0901 (5c7c939bbd03784fe58c80578d065cc9) C:\Windows\system32\DRIVERS\tap0901.sys
10:22:37.0652 4408 tap0901 - ok
10:22:37.0730 4408 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
10:22:37.0823 4408 Tcpip - ok
10:22:37.0886 4408 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
10:22:37.0964 4408 Tcpip6 - ok
10:22:38.0042 4408 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:22:38.0073 4408 tcpipreg - ok
10:22:38.0151 4408 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:22:38.0167 4408 TDPIPE - ok
10:22:38.0229 4408 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:22:38.0260 4408 TDTCP - ok
10:22:38.0307 4408 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:22:38.0323 4408 tdx - ok
10:22:38.0432 4408 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:22:38.0432 4408 TermDD - ok
10:22:38.0510 4408 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\Windows\system32\DRIVERS\tifsfilt.sys
10:22:38.0525 4408 tifsfilter - ok
10:22:38.0588 4408 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:22:38.0603 4408 tssecsrv - ok
10:22:38.0681 4408 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
10:22:38.0681 4408 TuneUpUtilitiesDrv - ok
10:22:38.0775 4408 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:22:38.0806 4408 tunmp - ok
10:22:38.0900 4408 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:22:38.0900 4408 tunnel - ok
10:22:38.0947 4408 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:22:38.0962 4408 uagp35 - ok
10:22:39.0025 4408 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:22:39.0056 4408 udfs - ok
10:22:39.0087 4408 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:22:39.0087 4408 uliagpkx - ok
10:22:39.0134 4408 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:22:39.0149 4408 uliahci - ok
10:22:39.0212 4408 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:22:39.0227 4408 UlSata - ok
10:22:39.0274 4408 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:22:39.0290 4408 ulsata2 - ok
10:22:39.0368 4408 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:22:39.0383 4408 umbus - ok
10:22:39.0461 4408 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
10:22:39.0493 4408 upperdev - ok
10:22:39.0539 4408 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:22:39.0555 4408 USBAAPL - ok
10:22:39.0617 4408 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
10:22:39.0633 4408 usbaudio - ok
10:22:39.0664 4408 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:22:39.0742 4408 usbccgp - ok
10:22:39.0758 4408 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:22:39.0805 4408 usbcir - ok
10:22:39.0836 4408 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:22:39.0867 4408 usbehci - ok
10:22:39.0883 4408 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:22:39.0914 4408 usbhub - ok
10:22:39.0929 4408 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:22:39.0961 4408 usbohci - ok
10:22:40.0132 4408 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:22:40.0148 4408 usbprint - ok
10:22:40.0226 4408 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
10:22:40.0241 4408 usbser - ok
10:22:40.0273 4408 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
10:22:40.0304 4408 UsbserFilt - ok
10:22:40.0382 4408 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:22:40.0413 4408 USBSTOR - ok
10:22:40.0475 4408 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:22:40.0491 4408 usbuhci - ok
10:22:40.0585 4408 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:22:40.0600 4408 vga - ok
10:22:40.0616 4408 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:22:40.0647 4408 VgaSave - ok
10:22:40.0694 4408 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:22:40.0709 4408 viaagp - ok
10:22:40.0772 4408 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:22:40.0803 4408 ViaC7 - ok
10:22:40.0834 4408 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:22:40.0850 4408 viaide - ok
10:22:40.0881 4408 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:22:40.0912 4408 volmgr - ok
10:22:40.0959 4408 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:22:40.0975 4408 volmgrx - ok
10:22:41.0021 4408 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:22:41.0037 4408 volsnap - ok
10:22:41.0084 4408 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:22:41.0084 4408 vsmraid - ok
10:22:41.0177 4408 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:22:41.0224 4408 WacomPen - ok
10:22:41.0271 4408 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:22:41.0287 4408 Wanarp - ok
10:22:41.0318 4408 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:22:41.0333 4408 Wanarpv6 - ok
10:22:41.0380 4408 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:22:41.0396 4408 Wd - ok
10:22:41.0458 4408 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:22:41.0474 4408 Wdf01000 - ok
10:22:41.0536 4408 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
10:22:41.0567 4408 WmiAcpi - ok
10:22:41.0630 4408 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
10:22:41.0661 4408 WpdUsb - ok
10:22:41.0723 4408 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:22:41.0755 4408 ws2ifsl - ok
10:22:41.0833 4408 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
10:22:41.0848 4408 WudfPf - ok
10:22:41.0879 4408 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:22:41.0942 4408 WUDFRd - ok
10:22:42.0098 4408 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (3cb263cf60b253bead6e0205e1fa5669) C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
10:22:42.0113 4408 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
10:22:42.0207 4408 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:22:42.0425 4408 \Device\Harddisk0\DR0 - ok
10:22:42.0425 4408 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
10:22:42.0457 4408 \Device\Harddisk1\DR1 - ok
10:22:42.0457 4408 Boot (0x1200) (ab3e16ee174c667656f7ee64c93d7d5b) \Device\Harddisk0\DR0\Partition0
10:22:42.0457 4408 \Device\Harddisk0\DR0\Partition0 - ok
10:22:42.0472 4408 Boot (0x1200) (5dad7c197dd7accd255a4986f591c0b0) \Device\Harddisk0\DR0\Partition1
10:22:42.0472 4408 \Device\Harddisk0\DR0\Partition1 - ok
10:22:42.0472 4408 Boot (0x1200) (724ec93a347d2f822d11f4df340ed1fd) \Device\Harddisk1\DR1\Partition0
10:22:42.0472 4408 \Device\Harddisk1\DR1\Partition0 - ok
10:22:42.0472 4408 ============================================================
10:22:42.0472 4408 Scan finished
10:22:42.0472 4408 ============================================================
10:22:42.0488 5284 Detected object count: 2
10:22:42.0488 5284 Actual detected object count: 2
10:23:02.0643 5284 drhard ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:02.0643 5284 drhard ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:23:02.0643 5284 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:02.0643 5284 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
26.12.2011, 18:06
| #17 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | BKA Trojaner - UKash Aufforderung Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
27.12.2011, 18:17
| #18 |
| | BKA Trojaner - UKash Aufforderung Hallo, Arne !
__________________Hier das Txt.file Combofix Logfile: Code:
ATTFilter ComboFix 11-12-27.01 - Michael 27.12.2011 17:44:51.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.1599 [GMT 1:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Local\assembly\tmp
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-27 bis 2011-12-27 ))))))))))))))))))))))))))))))
.
.
2011-12-27 17:00 . 2011-12-27 17:00 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DD9FB656-1887-4F01-9FAB-469EC0F6AE6C}\offreg.dll ERROR(0x00000005)
2011-12-27 16:57 . 2011-12-27 17:02 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-12-27 16:57 . 2011-12-27 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-27 08:02 . 2011-12-27 08:02 -------- d-----w- c:\users\Michael\AppData\Roaming\Trine2
2011-12-27 06:48 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DD9FB656-1887-4F01-9FAB-469EC0F6AE6C}\mpengine.dll ERROR(0x00000005)
2011-12-26 13:06 . 2011-12-26 13:26 -------- d-----w- c:\users\Michael\AppData\Local\Ubisoft Game Launcher
2011-12-25 08:31 . 2011-12-25 08:31 -------- d-----r- C:\Sandbox
2011-12-25 08:29 . 2011-12-25 08:29 -------- d-----w- c:\program files\Sandboxie
2011-12-25 08:18 . 2011-12-25 08:18 -------- d-----w- C:\_OTL
2011-12-24 11:35 . 2011-12-24 11:35 -------- d-----w- c:\program files\Common Files\LightScribe
2011-12-24 07:39 . 2011-12-27 16:58 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-12-23 13:52 . 2011-12-24 13:46 -------- d-----w- c:\program files\AVG Secure Search
2011-12-23 13:52 . 2011-12-23 13:52 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-12-23 13:51 . 2011-12-13 08:29 21312 ------w- c:\windows\system32\authuitu.dll
2011-12-23 13:51 . 2011-12-13 08:29 29504 ------w- c:\windows\system32\uxtuneup.dll
2011-12-21 21:12 . 2011-12-21 21:12 -------- d-----w- c:\program files\ESET
2011-12-20 17:51 . 2011-12-20 17:51 -------- d-----w- c:\program files\7-Zip
2011-12-17 09:21 . 2011-12-17 09:21 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-12-17 09:21 . 2011-12-18 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-17 09:21 . 2011-08-31 16:00 22216 ------w- c:\windows\system32\drivers\mbam.sys
2011-12-15 16:29 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 16:29 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 16:29 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 16:29 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 16:29 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 16:29 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 16:29 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-10 15:23 . 2011-12-10 15:23 -------- d-----w- c:\program files\iPod
2011-12-10 15:23 . 2011-12-10 15:24 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-13 08:35 . 2011-02-19 09:36 31552 ------w- c:\windows\system32\TURegOpt.exe
2011-11-21 10:47 . 2009-03-25 16:06 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2011-11-15 18:44 . 2011-05-19 07:17 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 04:54 . 2011-05-29 14:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ------w- c:\windows\system32\QuickTime.qts
2011-10-15 06:29 . 2009-04-22 14:09 29480 ------w- c:\windows\system32\msxml3a.dll
2011-10-15 06:29 . 2009-03-19 15:08 499712 ------w- c:\windows\system32\msvcp71.dll
2011-10-15 06:29 . 2009-03-19 15:08 348160 ------w- c:\windows\system32\msvcr71.dll
2011-10-07 09:18 . 2011-02-20 17:31 444952 ------w- c:\windows\system32\wrap_oal.dll
2011-10-07 09:18 . 2011-02-20 17:31 109080 ------w- c:\windows\system32\OpenAL32.dll
2009-10-16 06:42 . 2009-06-17 17:15 3211264 ----a-w- c:\program files\Common FilesDDBACSetup.msi
2011-11-10 20:56 . 2011-05-28 18:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-24 13:46 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll" [2011-12-24 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-11-11 08:41 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-11-11 08:41 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-11-11 08:41 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-11-11 08:41 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2011-11-11 12210176]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 442640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2011-05-16 75048]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-09-14 230696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-24 892768]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2011-12-14 3322768]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"SearchEngineProtection"=c:\program files\Gamesbar\SearchEngineProtection.exe
"Steam"="c:\program files\Steam\Steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"BDRegion"=c:\program files\Cyberlink\Shared files\brs.exe
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"SAFE2007 HotKeys"="c:\program files\Steganos Safe 2007\SteganosHotKeyService.exe"
"SAFE2007 File Redirection Starter"="c:\program files\Steganos Safe 2007\fredirstarter.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R3 cpuz130;cpuz130; [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [2009-05-17 98488]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2011-11-02 34768]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:\windows\system32\drivers\Sleen15.sys [2007-02-21 11:33 80232]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/05 14:42];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-08-25 12:06 77296]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-12-16 3102856]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-08-26 75048]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-08-26 292136]
S2 drhard;drhard; [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-07-15 233472]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-08-24 71664]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-12-13 1527104]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-24 869216]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-15 36608]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 13:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 07:51]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 07:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/aacs/UpdateAdvisor.cab
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-iPhone_Backup_Switch_1.0 - c:\windows\iun6002.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-27 18:01
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5352)
c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
c:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\Raxco\PerfectDisk10\PDAgentS1.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-27 18:12:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-27 17:12
.
Vor Suchlauf: 12 Verzeichnis(se), 557.737.803.776 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 557.082.587.136 Bytes frei
.
- - End Of File - - 508EA710B94F36DD3015A130D9562B72
Gruß, Oldive |
|
28.12.2011, 03:21
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner - UKash Aufforderung Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.12.2011, 18:52
| #20 |
| | BKA Trojaner - UKash Aufforderung Moin, Arne ! gmer hat sic 2x mit einem blue screen verabschiedet und das ystem neu gebootet, da habe ich es gelassen, wie du sagtest. Hier das OSAM file: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:43:17 on 28.12.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 8.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "Raxco Software, Inc." - C:\Windows\system32\PDBoot.exe [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office14\MLCFG32.CPL "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a-squared Malware-IDS utility driver" (a2util) - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2util32.sys "A2 Direct Disk Access Support Driver" (A2DDA) - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys "a2acc" (a2acc) - "Emsi Software GmbH" - C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys "a2injectiondriver" (a2injectiondriver) - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "cpuz130" (cpuz130) - ? - C:\Windows\system32\drivers\cpuz130.sys (File not found) "DefragFS" (DefragFS) - "Raxco Software, Inc." - C:\Windows\system32\drivers\DefragFS.sys "drhard" (drhard) - "Licensed for Gebhard Software" - C:\Windows\system32\drivers\drhard.sys "ElRawDisk" (ElRawDisk) - "EldoS Corporation" - C:\Windows\system32\drivers\elrawdsk.sys "ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys "FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "ntk_PowerDVD" (ntk_PowerDVD) - "Cyberlink Corp." - C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys "Power Control [2011/11/05 14:42:40]" ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) - ? - C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl "SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys "SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys "Steganos Live Encryption Engine 15 [Driver]" (SLEE_15_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt " - C:\Windows\system32\drivers\Sleen15.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {B658800C-F66E-4EF3-AB85-6C0C227862A9} "ViProtocolOLE Class" - ? - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {AB77609F-2178-4E6F-9C4B-44AC179D937A} "a-squared Anti-Malware Shell Extension" - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2contmenu.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office14\MLSHEXT.DLL {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {FAE0A3E0-3010-41BA-9DDC-A631394F047F} "SteganosShellExtension" - ? - C:\Program Files\Steganos Safe 2007\ShellExtension.dll (File found, but it contains no detailed information) {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {72376E32-8AF2-473F-BE32-E5D0F39C865D} "CUpdateAdvisorCtrl Object" - "Cyberlink" - C:\Windows\Downloaded Program Files\UpdateAdvisor.ocx / hxxp://www.cyberlink.com/prog/aacs/UpdateAdvisor.cab {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} "HidInputMonitorX Control" - "TODO: <Company name>" - C:\Windows\DOWNLO~1\HIDINP~1.OCX / file:///C:/Users/Michael/Desktop/components/hidinputmonitorx.ocx {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} "WMVHDRatingCtrl Class" - ? - C:\Windows\Downloaded Program Files\wmvhdrating.ocx / file:///C:/Users/Michael/Desktop/components/wmvhdrating.ocx {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "AVG Security Toolbar" - ? - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {95B7759C-8C7F-4BF1-B163-73684A933233} "AVG Security Toolbar" - ? - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe" "SugarSync" - "SugarSync, Inc." - "C:\Program Files\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared files\brs.exe "emsisoft anti-malware" - "Emsi Software GmbH" - "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60 "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "RemoteControl11" - "CyberLink Corp." - C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe "vProt" - ? - "C:\Program Files\AVG Secure Search\vprot.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "CLHNServiceForPowerDVD" (CLHNServiceForPowerDVD) - ? - C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe "CyberLink PowerDVD 11.0 Monitor Service" (CyberLink PowerDVD 11.0 Monitor Service) - "CyberLink" - C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe "CyberLink PowerDVD 11.0 Service" (CyberLink PowerDVD 11.0 Service) - "CyberLink" - C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe "Emsisoft Anti-Malware 6.0 - Service" (a2AntiMalware) - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2service.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "PDAgent" (PDAgent) - "Raxco Software, Inc." - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe "PDEngine" (PDEngine) - "Raxco Software, Inc." - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe (File found, but it contains no detailed information) "ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe "Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe "vToolbarUpdater" (vToolbarUpdater) - ? - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] Hier das aswMBR Code:
ATTFilter aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-28 16:45:05
-----------------------------
16:45:05.860 OS Version: Windows 6.0.6002 Service Pack 2
16:45:05.860 Number of processors: 4 586 0x170A
16:45:05.860 ComputerName: MICHAEL-PC UserName: Michael
16:45:33.706 Initialize success
16:46:53.193 AVAST engine defs: 11122800
16:47:03.754 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:47:03.754 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
16:47:03.754 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:47:03.754 Disk 1 Vendor: ST310005 CC44 Size: 953869MB BusType: 3
16:47:03.786 Disk 0 MBR read successfully
16:47:03.786 Disk 0 MBR scan
16:47:03.786 Disk 0 Windows VISTA default MBR code
16:47:03.848 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 933384 MB offset 2048
16:47:03.864 Disk 0 Partition - 00 0F Extended LBA 20482 MB offset 1911572480
16:47:03.895 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20482 MB offset 1911572543
16:47:03.926 Disk 0 scanning sectors +1953520065
16:47:04.066 Disk 0 scanning C:\Windows\system32\drivers
16:47:20.244 Service scanning
16:47:21.460 Modules scanning
16:47:28.278 Disk 0 trace - called modules:
16:47:28.324 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:47:28.340 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8713c178]
16:47:28.340 3 CLASSPNP.SYS[8b9a38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8657c030]
16:47:31.990 AVAST engine scan C:\Windows
16:47:38.948 AVAST engine scan C:\Windows\system32
16:50:52.404 AVAST engine scan C:\Windows\system32\drivers
16:51:21.388 AVAST engine scan C:\Users\Michael
17:19:43.068 AVAST engine scan C:\ProgramData
17:24:40.809 Scan finished successfully
18:14:46.430 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
18:14:46.446 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
|
|
28.12.2011, 23:01
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner - UKash Aufforderung Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ --> BKA Trojaner - UKash Aufforderung |
|
30.12.2011, 19:27
| #22 |
| | BKA Trojaner - UKash Aufforderung Hallo, Arne ! Es folgen die Scans. Da Superantispware hochgradig verdächtige Dateien gefunden hat, habe ich sie in Quarantäne geschickt, Ich hoffe, das war richtig. War es tatsächlich ein gefährlicher Fund, den alle anderen Programme übersehen haben ? Den ESET Scan lasse ich heute nacht laufen und poste ihn dann. Danke und Gruß, Oldive Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2011.12.30.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Michael :: MICHAEL-PC [Administrator] 30.12.2011 08:34:10 mbam-log-2011-12-30 (08-34-10).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 455613 Laufzeit: 1 Stunde(n), 35 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 12/30/2011 at 03:49 PM
Application Version : 5.0.1142
Core Rules Database Version : 8090
Trace Rules Database Version: 5902
Scan type : Complete Scan
Total Scan Time : 05:25:35
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator
Memory items scanned : 634
Memory threats detected : 0
Registry items scanned : 39035
Registry threats detected : 0
File items scanned : 283547
File threats detected : 205
Adware.Tracking Cookie
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\9KUX45Y0.txt [ /fastclick.net ]
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\0SZ330EM.txt [ /ad.yieldmanager.com ]
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\RE0303T6.txt [ /atdmt.com ]
C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\HBL1JZSA.txt [ Cookie:michael@clkads.com/adServe/ ]
C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9CBRPKRH.txt [ Cookie:michael@doubleclick.net/ ]
C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XN4S9BM4.txt [ Cookie:michael@tracking.dc-storm.com/ ]
C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0HNBI7V.txt [ Cookie:michael@clkads.com/adServe/banners ]
C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\7JO2XQLV.txt [ Cookie:michael@imrworldwide.com/cgi-bin ]
C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\FCSLNLFP.txt [ Cookie:michael@adfarm1.adition.com/ ]
C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\X30J2SPL.txt [ Cookie:michael@overture.com/ ]
C:\USERS\MICHAEL\Cookies\9KUX45Y0.txt [ Cookie:michael@fastclick.net/ ]
C:\USERS\MICHAEL\Cookies\RE0303T6.txt [ Cookie:michael@atdmt.com/ ]
.imrworldwide.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
tracking.sim-technik.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.de.at.atwola.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.blau.122.2o7.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adverts.creativemark.co.uk [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
tracking.sim-technik.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.de.at.atwola.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.blau.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
adverts.creativemark.co.uk [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.ads.quartermedia.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
tracking.klicktel.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
tracking.klicktel.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-FraudTool[Tiny]
C:\_OTL\MOVEDFILES\12252011_091855\C_USERS\MICHAEL\APPDATA\ROAMING\.#\MBX@1040@F52728.###
|
|
30.12.2011, 19:47
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner - UKash Aufforderung Nur Cookies und ein isolierte Schädling in der Q von OTL. Auf ESET warte ich dann, aber auswerten (falls denn was gefunden wurde) werde ich wohl erst wieder Montag oder so 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.12.2011, 07:30
| #24 |
| | BKA Trojaner - UKash Aufforderung Moin, Arne ! Hier das ESET-Logfile. Ich hoffe, wir haben nun alles Nötige erledigt... Ich würde ja gern diesen registry-booster löschen, aber er ist weder in den Programmen bei Systemsteuerung, noch in dem Startmenü sichtbar :-((( Auf jeden Fall vielen Dank für die Hilfe !!! Einen guten Rutsch und ein gesundes, erfolgreiches Neues Jahr ! Beste Grüße, Oldive Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4f7a0849eb96544ba2b353ab44049906
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-22 12:03:51
# local_time=2011-12-22 01:03:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 275383 61038939 268046 0
# compatibility_mode=4096 16777215 100 0 74963793 74963793 0 0
# compatibility_mode=5892 16776637 100 100 31325 162034846 0 0
# compatibility_mode=8192 67108863 100 0 3797 3797 0 0
# scanned=280067
# found=8
# cleaned=0
# scan_time=10113
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\4b7f4ede-4c0f4041 Java/Exploit.CVE-2011-3544.D trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Desktop\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\registrybooster(2).exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_dropbox.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\Eigene Downloads\Organisation\Freecommander\fc_setup_.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4f7a0849eb96544ba2b353ab44049906
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-22 09:09:09
# local_time=2011-12-22 10:09:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 307684 61071240 300347 0
# compatibility_mode=4096 16777215 100 0 74996094 74996094 0 0
# compatibility_mode=5892 16776637 100 100 63626 162067147 0 0
# compatibility_mode=8192 67108863 100 0 36098 36098 0 0
# scanned=287222
# found=8
# cleaned=0
# scan_time=10529
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\4b7f4ede-4c0f4041 Java/Exploit.CVE-2011-3544.D trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Desktop\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\registrybooster(2).exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_dropbox.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\Eigene Downloads\Organisation\Freecommander\fc_setup_.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4f7a0849eb96544ba2b353ab44049906
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 01:21:56
# local_time=2011-12-31 02:21:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=4096 16777215 100 0 75745735 75745735 0 0
# compatibility_mode=5892 16776637 100 100 18366 162816788 0 0
# compatibility_mode=8192 67108863 100 0 785739 785739 0 0
# scanned=285848
# found=7
# cleaned=0
# scan_time=10456
C:\Users\Michael\Desktop\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\registrybooster(2).exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_dropbox.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Michael\Downloads\Eigene Downloads\Organisation\Freecommander\fc_setup_.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
|
|
31.12.2011, 15:41
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner - UKash Aufforderung Dann löschen wir eben mit OTL die letzten Müll  Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":Files" muss mitkopiert werden!!!) Code:
ATTFilter :Files
C:\Users\Michael\Desktop\RegistryBooster
C:\Users\Michael\Downloads\registry*
C:\Users\Michael\Downloads\SoftonicDownloader*
:Commands
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.01.2012, 15:45
| #26 |
| | BKA Trojaner - UKash Aufforderung Frohes Neues Jahr, Arne ! Hier das log nach dem Fix: Code:
ATTFilter All processes killed
========== FILES ==========
C:\Users\Michael\Desktop\RegistryBooster folder moved successfully.
C:\Users\Michael\Downloads\registrybooster(2).exe moved successfully.
C:\Users\Michael\Downloads\registrybooster.exe moved successfully.
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_dropbox.exe moved successfully.
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe moved successfully.
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Michael
->Temp folder emptied: 54902881 bytes
->Temporary Internet Files folder emptied: 56553026 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 147082663 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 928 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 512813 bytes
RecycleBin emptied: 10874220 bytes
Total Files Cleaned = 257,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01022012_153229
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
|
02.01.2012, 16:06
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner - UKash Aufforderung Gut. Rechner soweit wieder im Lot?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.01.2012, 19:00
| #28 |
| | BKA Trojaner - UKash Aufforderung Alles bestens ! Herzlichen Dank, Arne. Ihr macht prima Arbeit hier. Bye, Oldive |
|
02.01.2012, 21:12
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner - UKash Aufforderung Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt. Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Adobe - Andere Version des Adobe Flash Player installieren Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.01.2012, 21:06
| #30 |
| | BKA Trojaner - UKash Aufforderung Hallo, Arne ! Seit unserer Aufräumaktion kann ich mit Power DVD 11 keine Blue-rays mehr sehen (Originalscheiben, deutscher Code, habe nie etwas anderes eingestellt oder gesehen). Ich bekomme immer die Meldung, das der falsche Ländercode eingestellt ist ?! Weißt du Rat ? Besten Dank, Oldive |
|
| Themen zu BKA Trojaner - UKash Aufforderung |
| alternate, antivir, audiograbber, avira, black, bonjour, c:\windows\system32\rundll32.exe, conduit, converter, device driver, document, druck, error, excel.exe, firefox, google, google earth, home, install.exe, intranet, kaspersky, logfile, malware, malware bytes, microsoft office word, mozilla thunderbird, mp3, nvlddmkm.sys, office 2007, otl-datei, plug-in, programm, realtek, required, scan, security, security update, senden, software, starten, studio, system, trojaner, updates, version=1.0, vista, windows |
Linear-Darstellung
