Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BKA Trojaner - UKash Aufforderung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 26.12.2011, 09:26   #16
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Moin, Arne !

Code:
ATTFilter
10:20:37.0702 5868	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
10:20:37.0999 5868	============================================================
10:20:37.0999 5868	Current date / time: 2011/12/26 10:20:37.0999
10:20:37.0999 5868	SystemInfo:
10:20:37.0999 5868	
10:20:37.0999 5868	OS Version: 6.0.6002 ServicePack: 2.0
10:20:37.0999 5868	Product type: Workstation
10:20:37.0999 5868	ComputerName: MICHAEL-PC
10:20:37.0999 5868	UserName: Michael
10:20:37.0999 5868	Windows directory: C:\Windows
10:20:37.0999 5868	System windows directory: C:\Windows
10:20:37.0999 5868	Processor architecture: Intel x86
10:20:37.0999 5868	Number of processors: 4
10:20:37.0999 5868	Page size: 0x1000
10:20:37.0999 5868	Boot type: Normal boot
10:20:37.0999 5868	============================================================
10:20:39.0715 5868	Initialize success
10:22:21.0038 4408	============================================================
10:22:21.0038 4408	Scan started
10:22:21.0038 4408	Mode: Manual; SigCheck; TDLFS; 
10:22:21.0038 4408	============================================================
10:22:21.0256 4408	a2acc           (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
10:22:21.0350 4408	a2acc - ok
10:22:21.0381 4408	A2DDA           (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
10:22:21.0397 4408	A2DDA - ok
10:22:21.0412 4408	a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
10:22:21.0428 4408	a2injectiondriver - ok
10:22:21.0459 4408	a2util          (2da26eb05b5495d3b2ee36456c239fb7) C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
10:22:21.0475 4408	a2util - ok
10:22:21.0537 4408	acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
10:22:21.0537 4408	acedrv11 - ok
10:22:21.0599 4408	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:22:21.0615 4408	ACPI - ok
10:22:21.0693 4408	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:22:21.0709 4408	adp94xx - ok
10:22:21.0802 4408	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:22:21.0818 4408	adpahci - ok
10:22:21.0880 4408	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:22:21.0896 4408	adpu160m - ok
10:22:21.0927 4408	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:22:21.0943 4408	adpu320 - ok
10:22:21.0974 4408	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:22:22.0021 4408	AFD - ok
10:22:22.0099 4408	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:22:22.0130 4408	agp440 - ok
10:22:22.0161 4408	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:22:22.0161 4408	aic78xx - ok
10:22:22.0192 4408	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:22:22.0208 4408	aliide - ok
10:22:22.0223 4408	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:22:22.0239 4408	amdagp - ok
10:22:22.0255 4408	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:22:22.0270 4408	amdide - ok
10:22:22.0333 4408	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:22:22.0426 4408	AmdK7 - ok
10:22:22.0504 4408	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:22:22.0551 4408	AmdK8 - ok
10:22:22.0629 4408	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:22:22.0629 4408	arc - ok
10:22:22.0691 4408	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:22:22.0707 4408	arcsas - ok
10:22:22.0723 4408	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:22:22.0769 4408	AsyncMac - ok
10:22:22.0801 4408	atapi           (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
10:22:22.0816 4408	atapi - ok
10:22:22.0879 4408	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:22:22.0925 4408	Beep - ok
10:22:22.0957 4408	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:22:23.0003 4408	blbdrive - ok
10:22:23.0081 4408	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:22:23.0113 4408	bowser - ok
10:22:23.0144 4408	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:22:23.0159 4408	BrFiltLo - ok
10:22:23.0222 4408	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:22:23.0253 4408	BrFiltUp - ok
10:22:23.0284 4408	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:22:23.0393 4408	Brserid - ok
10:22:23.0487 4408	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:22:23.0549 4408	BrSerWdm - ok
10:22:23.0581 4408	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:22:23.0643 4408	BrUsbMdm - ok
10:22:23.0659 4408	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:22:23.0690 4408	BrUsbSer - ok
10:22:23.0768 4408	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:22:23.0799 4408	BTHMODEM - ok
10:22:23.0830 4408	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:22:23.0861 4408	cdfs - ok
10:22:23.0877 4408	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:22:23.0908 4408	cdrom - ok
10:22:23.0986 4408	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:22:24.0002 4408	circlass - ok
10:22:24.0033 4408	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:22:24.0049 4408	CLFS - ok
10:22:24.0127 4408	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:22:24.0142 4408	cmdide - ok
10:22:24.0220 4408	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
10:22:24.0236 4408	Compbatt - ok
10:22:24.0283 4408	cpuz130 - ok
10:22:24.0329 4408	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:22:24.0345 4408	crcdisk - ok
10:22:24.0361 4408	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:22:24.0392 4408	Crusoe - ok
10:22:24.0485 4408	DefragFS        (65c7122d1115a4e1db3e8c11df919a40) C:\Windows\system32\drivers\DefragFS.sys
10:22:24.0501 4408	DefragFS - ok
10:22:24.0517 4408	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:22:24.0548 4408	DfsC - ok
10:22:24.0641 4408	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:22:24.0657 4408	disk - ok
10:22:24.0719 4408	drhard          (0071f8825d14b16955cd0a0699ab7a6c) C:\Windows\system32\drivers\drhard.sys
10:22:24.0751 4408	drhard ( UnsignedFile.Multi.Generic ) - warning
10:22:24.0751 4408	drhard - detected UnsignedFile.Multi.Generic (1)
10:22:24.0829 4408	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:22:24.0875 4408	drmkaud - ok
10:22:24.0938 4408	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:22:25.0016 4408	DXGKrnl - ok
10:22:25.0109 4408	e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
10:22:25.0125 4408	e1express - ok
10:22:25.0172 4408	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:22:25.0203 4408	E1G60 - ok
10:22:25.0312 4408	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:22:25.0312 4408	Ecache - ok
10:22:25.0375 4408	ElRawDisk       (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\elrawdsk.sys
10:22:25.0390 4408	ElRawDisk - ok
10:22:25.0453 4408	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:22:25.0468 4408	elxstor - ok
10:22:25.0562 4408	ENTECH          (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
10:22:25.0577 4408	ENTECH - ok
10:22:25.0624 4408	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
10:22:25.0655 4408	ErrDev - ok
10:22:25.0733 4408	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:22:25.0765 4408	exfat - ok
10:22:25.0874 4408	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:22:25.0889 4408	fastfat - ok
10:22:25.0952 4408	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:22:25.0983 4408	fdc - ok
10:22:26.0030 4408	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:22:26.0030 4408	FileInfo - ok
10:22:26.0045 4408	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:22:26.0077 4408	Filetrace - ok
10:22:26.0139 4408	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:22:26.0170 4408	flpydisk - ok
10:22:26.0248 4408	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:22:26.0248 4408	FltMgr - ok
10:22:26.0357 4408	FsUsbExDisk     (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
10:22:26.0373 4408	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
10:22:26.0373 4408	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
10:22:26.0420 4408	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:22:26.0451 4408	Fs_Rec - ok
10:22:26.0545 4408	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:22:26.0560 4408	gagp30kx - ok
10:22:26.0607 4408	GearAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\drivers\GEARAspiWDM.sys
10:22:26.0623 4408	GearAspiWDM - ok
10:22:26.0732 4408	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:22:26.0794 4408	HdAudAddService - ok
10:22:26.0888 4408	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:22:26.0966 4408	HDAudBus - ok
10:22:27.0044 4408	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:22:27.0091 4408	HidBth - ok
10:22:27.0153 4408	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:22:27.0184 4408	HidIr - ok
10:22:27.0262 4408	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:22:27.0293 4408	HidUsb - ok
10:22:27.0309 4408	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:22:27.0325 4408	HpCISSs - ok
10:22:27.0356 4408	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:22:27.0403 4408	HTTP - ok
10:22:27.0434 4408	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:22:27.0434 4408	i2omp - ok
10:22:27.0496 4408	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:22:27.0512 4408	i8042prt - ok
10:22:27.0574 4408	iaStor          (28aae599496b4930b3f19026f2083bc4) C:\Windows\system32\DRIVERS\iaStor.sys
10:22:27.0590 4408	iaStor - ok
10:22:27.0621 4408	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:22:27.0637 4408	iaStorV - ok
10:22:27.0699 4408	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:22:27.0699 4408	iirsp - ok
10:22:27.0777 4408	IntcAzAudAddService (2790cc09422b6bedae9825ae289e9bb7) C:\Windows\system32\drivers\RTKVHDA.sys
10:22:27.0839 4408	IntcAzAudAddService - ok
10:22:27.0902 4408	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:22:27.0902 4408	intelide - ok
10:22:27.0933 4408	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:22:27.0980 4408	intelppm - ok
10:22:27.0995 4408	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:22:28.0027 4408	IpFilterDriver - ok
10:22:28.0042 4408	IpInIp - ok
10:22:28.0089 4408	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:22:28.0120 4408	IPMIDRV - ok
10:22:28.0151 4408	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:22:28.0167 4408	IPNAT - ok
10:22:28.0245 4408	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:22:28.0276 4408	IRENUM - ok
10:22:28.0307 4408	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:22:28.0323 4408	isapnp - ok
10:22:28.0401 4408	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:22:28.0417 4408	iScsiPrt - ok
10:22:28.0448 4408	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:22:28.0448 4408	iteatapi - ok
10:22:28.0541 4408	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:22:28.0541 4408	iteraid - ok
10:22:28.0588 4408	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:22:28.0604 4408	kbdclass - ok
10:22:28.0619 4408	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
10:22:28.0651 4408	kbdhid - ok
10:22:28.0682 4408	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
10:22:28.0697 4408	KSecDD - ok
10:22:28.0760 4408	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:22:28.0791 4408	lltdio - ok
10:22:28.0853 4408	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:22:28.0869 4408	LSI_FC - ok
10:22:28.0916 4408	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:22:28.0931 4408	LSI_SAS - ok
10:22:28.0994 4408	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:22:29.0009 4408	LSI_SCSI - ok
10:22:29.0041 4408	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:22:29.0087 4408	luafv - ok
10:22:29.0134 4408	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:22:29.0134 4408	megasas - ok
10:22:29.0197 4408	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:22:29.0212 4408	MegaSR - ok
10:22:29.0228 4408	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:22:29.0259 4408	Modem - ok
10:22:29.0290 4408	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:22:29.0306 4408	monitor - ok
10:22:29.0353 4408	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:22:29.0368 4408	mouclass - ok
10:22:29.0399 4408	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:22:29.0431 4408	mouhid - ok
10:22:29.0462 4408	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:22:29.0477 4408	MountMgr - ok
10:22:29.0493 4408	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:22:29.0493 4408	mpio - ok
10:22:29.0509 4408	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:22:29.0540 4408	mpsdrv - ok
10:22:29.0602 4408	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:22:29.0602 4408	Mraid35x - ok
10:22:29.0680 4408	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:22:29.0711 4408	MRxDAV - ok
10:22:29.0805 4408	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:22:29.0867 4408	mrxsmb - ok
10:22:29.0914 4408	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:22:30.0008 4408	mrxsmb10 - ok
10:22:30.0070 4408	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:22:30.0101 4408	mrxsmb20 - ok
10:22:30.0148 4408	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
10:22:30.0164 4408	msahci - ok
10:22:30.0226 4408	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:22:30.0242 4408	msdsm - ok
10:22:30.0304 4408	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:22:30.0335 4408	Msfs - ok
10:22:30.0367 4408	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:22:30.0382 4408	msisadrv - ok
10:22:30.0398 4408	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:22:30.0429 4408	MSKSSRV - ok
10:22:30.0445 4408	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:22:30.0476 4408	MSPCLOCK - ok
10:22:30.0523 4408	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:22:30.0538 4408	MSPQM - ok
10:22:30.0585 4408	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:22:30.0601 4408	MsRPC - ok
10:22:30.0663 4408	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:22:30.0663 4408	mssmbios - ok
10:22:30.0757 4408	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:22:30.0788 4408	MSTEE - ok
10:22:30.0819 4408	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:22:30.0835 4408	Mup - ok
10:22:30.0866 4408	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:22:30.0881 4408	NativeWifiP - ok
10:22:30.0959 4408	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:22:30.0975 4408	NDIS - ok
10:22:30.0991 4408	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:22:31.0006 4408	NdisTapi - ok
10:22:31.0037 4408	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:22:31.0053 4408	Ndisuio - ok
10:22:31.0084 4408	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:22:31.0115 4408	NdisWan - ok
10:22:31.0147 4408	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:22:31.0162 4408	NDProxy - ok
10:22:31.0209 4408	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:22:31.0225 4408	NetBIOS - ok
10:22:31.0287 4408	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:22:31.0303 4408	netbt - ok
10:22:31.0412 4408	netr28u         (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
10:22:31.0505 4408	netr28u - ok
10:22:31.0630 4408	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:22:31.0646 4408	nfrd960 - ok
10:22:31.0693 4408	nmwcd           (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys
10:22:31.0755 4408	nmwcd - ok
10:22:31.0817 4408	nmwcdc          (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys
10:22:31.0849 4408	nmwcdc - ok
10:22:31.0864 4408	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:22:31.0880 4408	Npfs - ok
10:22:31.0911 4408	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:22:31.0958 4408	nsiproxy - ok
10:22:31.0989 4408	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:22:32.0129 4408	Ntfs - ok
10:22:32.0270 4408	ntk_PowerDVD    (170ee229d4def31dbe95348c9a88fe74) C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys
10:22:32.0285 4408	ntk_PowerDVD - ok
10:22:32.0379 4408	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:22:32.0426 4408	ntrigdigi - ok
10:22:32.0473 4408	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:22:32.0504 4408	Null - ok
10:22:32.0785 4408	nvlddmkm        (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:22:33.0190 4408	nvlddmkm - ok
10:22:33.0237 4408	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:22:33.0253 4408	nvraid - ok
10:22:33.0284 4408	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:22:33.0299 4408	nvstor - ok
10:22:33.0362 4408	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:22:33.0362 4408	nv_agp - ok
10:22:33.0377 4408	NwlnkFlt - ok
10:22:33.0377 4408	NwlnkFwd - ok
10:22:33.0424 4408	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:22:33.0440 4408	ohci1394 - ok
10:22:33.0518 4408	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:22:33.0565 4408	Parport - ok
10:22:33.0611 4408	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:22:33.0627 4408	partmgr - ok
10:22:33.0658 4408	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:22:33.0705 4408	Parvdm - ok
10:22:33.0783 4408	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
10:22:33.0830 4408	pccsmcfd - ok
10:22:33.0877 4408	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:22:33.0877 4408	pci - ok
10:22:33.0892 4408	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
10:22:33.0908 4408	pciide - ok
10:22:33.0923 4408	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:22:33.0923 4408	pcmcia - ok
10:22:34.0001 4408	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:22:34.0095 4408	PEAUTH - ok
10:22:34.0189 4408	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:22:34.0220 4408	PptpMiniport - ok
10:22:34.0251 4408	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:22:34.0282 4408	Processor - ok
10:22:34.0313 4408	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:22:34.0329 4408	PSched - ok
10:22:34.0469 4408	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:22:34.0532 4408	ql2300 - ok
10:22:34.0610 4408	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:22:34.0625 4408	ql40xx - ok
10:22:34.0688 4408	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:22:34.0719 4408	QWAVEdrv - ok
10:22:34.0813 4408	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:22:34.0828 4408	RasAcd - ok
10:22:34.0875 4408	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:22:34.0891 4408	Rasl2tp - ok
10:22:34.0922 4408	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:22:34.0984 4408	RasPppoe - ok
10:22:35.0015 4408	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:22:35.0031 4408	RasSstp - ok
10:22:35.0078 4408	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:22:35.0093 4408	rdbss - ok
10:22:35.0125 4408	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:22:35.0156 4408	RDPCDD - ok
10:22:35.0234 4408	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:22:35.0265 4408	rdpdr - ok
10:22:35.0343 4408	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:22:35.0374 4408	RDPENCDD - ok
10:22:35.0452 4408	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
10:22:35.0468 4408	RDPWD - ok
10:22:35.0530 4408	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:22:35.0546 4408	rspndr - ok
10:22:35.0608 4408	SANDRA          (361094945053c2c04312ef2e5f14eeaf) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys
10:22:35.0624 4408	SANDRA - ok
10:22:35.0749 4408	SbieDrv         (3ab6cad1ddfa84cd7bc3d1a759b1e81e) C:\Program Files\Sandboxie\SbieDrv.sys
10:22:35.0780 4408	SbieDrv - ok
10:22:35.0889 4408	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:22:35.0889 4408	sbp2port - ok
10:22:35.0936 4408	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:22:35.0983 4408	secdrv - ok
10:22:36.0029 4408	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
10:22:36.0061 4408	Serenum - ok
10:22:36.0139 4408	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
10:22:36.0201 4408	Serial - ok
10:22:36.0217 4408	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:22:36.0248 4408	sermouse - ok
10:22:36.0279 4408	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:22:36.0295 4408	sffdisk - ok
10:22:36.0310 4408	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:22:36.0341 4408	sffp_mmc - ok
10:22:36.0419 4408	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:22:36.0451 4408	sffp_sd - ok
10:22:36.0466 4408	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:22:36.0497 4408	sfloppy - ok
10:22:36.0529 4408	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:22:36.0544 4408	sisagp - ok
10:22:36.0607 4408	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:22:36.0622 4408	SiSRaid2 - ok
10:22:36.0669 4408	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:22:36.0669 4408	SiSRaid4 - ok
10:22:36.0731 4408	SLEE_15_DRIVER  (40c0e715e1ebb2d1990c7d79cc0d79e3) C:\Windows\system32\drivers\Sleen15.sys
10:22:36.0747 4408	SLEE_15_DRIVER - ok
10:22:36.0778 4408	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:22:36.0794 4408	Smb - ok
10:22:36.0872 4408	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:22:36.0887 4408	spldr - ok
10:22:36.0934 4408	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:22:36.0997 4408	srv - ok
10:22:37.0075 4408	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:22:37.0121 4408	srv2 - ok
10:22:37.0168 4408	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:22:37.0199 4408	srvnet - ok
10:22:37.0231 4408	sscdbus         (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
10:22:37.0262 4408	sscdbus - ok
10:22:37.0324 4408	sscdmdfl        (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
10:22:37.0340 4408	sscdmdfl - ok
10:22:37.0371 4408	sscdmdm         (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
10:22:37.0371 4408	sscdmdm - ok
10:22:37.0465 4408	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:22:37.0480 4408	swenum - ok
10:22:37.0496 4408	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:22:37.0511 4408	Symc8xx - ok
10:22:37.0527 4408	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:22:37.0527 4408	Sym_hi - ok
10:22:37.0543 4408	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:22:37.0558 4408	Sym_u3 - ok
10:22:37.0621 4408	tap0901         (5c7c939bbd03784fe58c80578d065cc9) C:\Windows\system32\DRIVERS\tap0901.sys
10:22:37.0652 4408	tap0901 - ok
10:22:37.0730 4408	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
10:22:37.0823 4408	Tcpip - ok
10:22:37.0886 4408	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
10:22:37.0964 4408	Tcpip6 - ok
10:22:38.0042 4408	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:22:38.0073 4408	tcpipreg - ok
10:22:38.0151 4408	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:22:38.0167 4408	TDPIPE - ok
10:22:38.0229 4408	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:22:38.0260 4408	TDTCP - ok
10:22:38.0307 4408	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:22:38.0323 4408	tdx - ok
10:22:38.0432 4408	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:22:38.0432 4408	TermDD - ok
10:22:38.0510 4408	tifsfilter      (6dcb8ddb481cd3c40fa68593723b4d89) C:\Windows\system32\DRIVERS\tifsfilt.sys
10:22:38.0525 4408	tifsfilter - ok
10:22:38.0588 4408	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:22:38.0603 4408	tssecsrv - ok
10:22:38.0681 4408	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
10:22:38.0681 4408	TuneUpUtilitiesDrv - ok
10:22:38.0775 4408	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:22:38.0806 4408	tunmp - ok
10:22:38.0900 4408	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:22:38.0900 4408	tunnel - ok
10:22:38.0947 4408	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:22:38.0962 4408	uagp35 - ok
10:22:39.0025 4408	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:22:39.0056 4408	udfs - ok
10:22:39.0087 4408	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:22:39.0087 4408	uliagpkx - ok
10:22:39.0134 4408	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:22:39.0149 4408	uliahci - ok
10:22:39.0212 4408	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:22:39.0227 4408	UlSata - ok
10:22:39.0274 4408	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:22:39.0290 4408	ulsata2 - ok
10:22:39.0368 4408	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:22:39.0383 4408	umbus - ok
10:22:39.0461 4408	upperdev        (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
10:22:39.0493 4408	upperdev - ok
10:22:39.0539 4408	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:22:39.0555 4408	USBAAPL - ok
10:22:39.0617 4408	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
10:22:39.0633 4408	usbaudio - ok
10:22:39.0664 4408	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:22:39.0742 4408	usbccgp - ok
10:22:39.0758 4408	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:22:39.0805 4408	usbcir - ok
10:22:39.0836 4408	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:22:39.0867 4408	usbehci - ok
10:22:39.0883 4408	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:22:39.0914 4408	usbhub - ok
10:22:39.0929 4408	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:22:39.0961 4408	usbohci - ok
10:22:40.0132 4408	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:22:40.0148 4408	usbprint - ok
10:22:40.0226 4408	usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
10:22:40.0241 4408	usbser - ok
10:22:40.0273 4408	UsbserFilt      (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
10:22:40.0304 4408	UsbserFilt - ok
10:22:40.0382 4408	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:22:40.0413 4408	USBSTOR - ok
10:22:40.0475 4408	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:22:40.0491 4408	usbuhci - ok
10:22:40.0585 4408	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:22:40.0600 4408	vga - ok
10:22:40.0616 4408	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:22:40.0647 4408	VgaSave - ok
10:22:40.0694 4408	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:22:40.0709 4408	viaagp - ok
10:22:40.0772 4408	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:22:40.0803 4408	ViaC7 - ok
10:22:40.0834 4408	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:22:40.0850 4408	viaide - ok
10:22:40.0881 4408	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:22:40.0912 4408	volmgr - ok
10:22:40.0959 4408	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:22:40.0975 4408	volmgrx - ok
10:22:41.0021 4408	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:22:41.0037 4408	volsnap - ok
10:22:41.0084 4408	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:22:41.0084 4408	vsmraid - ok
10:22:41.0177 4408	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:22:41.0224 4408	WacomPen - ok
10:22:41.0271 4408	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:22:41.0287 4408	Wanarp - ok
10:22:41.0318 4408	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:22:41.0333 4408	Wanarpv6 - ok
10:22:41.0380 4408	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:22:41.0396 4408	Wd - ok
10:22:41.0458 4408	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:22:41.0474 4408	Wdf01000 - ok
10:22:41.0536 4408	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
10:22:41.0567 4408	WmiAcpi - ok
10:22:41.0630 4408	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
10:22:41.0661 4408	WpdUsb - ok
10:22:41.0723 4408	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:22:41.0755 4408	ws2ifsl - ok
10:22:41.0833 4408	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
10:22:41.0848 4408	WudfPf - ok
10:22:41.0879 4408	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:22:41.0942 4408	WUDFRd - ok
10:22:42.0098 4408	{329F96B6-DF1E-4328-BFDA-39EA953C1312} (3cb263cf60b253bead6e0205e1fa5669) C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
10:22:42.0113 4408	{329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
10:22:42.0207 4408	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:22:42.0425 4408	\Device\Harddisk0\DR0 - ok
10:22:42.0425 4408	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
10:22:42.0457 4408	\Device\Harddisk1\DR1 - ok
10:22:42.0457 4408	Boot (0x1200)   (ab3e16ee174c667656f7ee64c93d7d5b) \Device\Harddisk0\DR0\Partition0
10:22:42.0457 4408	\Device\Harddisk0\DR0\Partition0 - ok
10:22:42.0472 4408	Boot (0x1200)   (5dad7c197dd7accd255a4986f591c0b0) \Device\Harddisk0\DR0\Partition1
10:22:42.0472 4408	\Device\Harddisk0\DR0\Partition1 - ok
10:22:42.0472 4408	Boot (0x1200)   (724ec93a347d2f822d11f4df340ed1fd) \Device\Harddisk1\DR1\Partition0
10:22:42.0472 4408	\Device\Harddisk1\DR1\Partition0 - ok
10:22:42.0472 4408	============================================================
10:22:42.0472 4408	Scan finished
10:22:42.0472 4408	============================================================
10:22:42.0488 5284	Detected object count: 2
10:22:42.0488 5284	Actual detected object count: 2
10:23:02.0643 5284	drhard ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:02.0643 5284	drhard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:23:02.0643 5284	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:02.0643 5284	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Danke, Gruß, Oldive

Alt 26.12.2011, 17:06   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________

__________________

Alt 27.12.2011, 17:17   #18
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Hallo, Arne !

Hier das Txt.file

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-12-27.01 - Michael 27.12.2011  17:44:51.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.1599 [GMT 1:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Local\assembly\tmp
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-27 bis 2011-12-27  ))))))))))))))))))))))))))))))
.
.
2011-12-27 17:00 . 2011-12-27 17:00	56200	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DD9FB656-1887-4F01-9FAB-469EC0F6AE6C}\offreg.dll	ERROR(0x00000005)
2011-12-27 16:57 . 2011-12-27 17:02	--------	d-----w-	c:\users\Michael\AppData\Local\temp
2011-12-27 16:57 . 2011-12-27 16:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-27 08:02 . 2011-12-27 08:02	--------	d-----w-	c:\users\Michael\AppData\Roaming\Trine2
2011-12-27 06:48 . 2011-11-21 10:47	6823496	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DD9FB656-1887-4F01-9FAB-469EC0F6AE6C}\mpengine.dll	ERROR(0x00000005)
2011-12-26 13:06 . 2011-12-26 13:26	--------	d-----w-	c:\users\Michael\AppData\Local\Ubisoft Game Launcher
2011-12-25 08:31 . 2011-12-25 08:31	--------	d-----r-	C:\Sandbox
2011-12-25 08:29 . 2011-12-25 08:29	--------	d-----w-	c:\program files\Sandboxie
2011-12-25 08:18 . 2011-12-25 08:18	--------	d-----w-	C:\_OTL
2011-12-24 11:35 . 2011-12-24 11:35	--------	d-----w-	c:\program files\Common Files\LightScribe
2011-12-24 07:39 . 2011-12-27 16:58	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2011-12-23 13:52 . 2011-12-24 13:46	--------	d-----w-	c:\program files\AVG Secure Search
2011-12-23 13:52 . 2011-12-23 13:52	--------	d-----w-	c:\program files\Common Files\AVG Secure Search
2011-12-23 13:51 . 2011-12-13 08:29	21312	------w-	c:\windows\system32\authuitu.dll
2011-12-23 13:51 . 2011-12-13 08:29	29504	------w-	c:\windows\system32\uxtuneup.dll
2011-12-21 21:12 . 2011-12-21 21:12	--------	d-----w-	c:\program files\ESET
2011-12-20 17:51 . 2011-12-20 17:51	--------	d-----w-	c:\program files\7-Zip
2011-12-17 09:21 . 2011-12-17 09:21	--------	d-----w-	c:\users\Michael\AppData\Roaming\Malwarebytes
2011-12-17 09:21 . 2011-12-18 21:17	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-17 09:21 . 2011-08-31 16:00	22216	------w-	c:\windows\system32\drivers\mbam.sys
2011-12-15 16:29 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-15 16:29 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-15 16:29 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-15 16:29 . 2011-11-23 13:37	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-12-15 16:29 . 2011-11-08 12:10	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 16:29 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-15 16:29 . 2011-11-08 14:42	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-10 15:23 . 2011-12-10 15:23	--------	d-----w-	c:\program files\iPod
2011-12-10 15:23 . 2011-12-10 15:24	--------	d-----w-	c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-13 08:35 . 2011-02-19 09:36	31552	------w-	c:\windows\system32\TURegOpt.exe
2011-11-21 10:47 . 2009-03-25 16:06	6823496	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll	ERROR(0x00000005)
2011-11-15 18:44 . 2011-05-19 07:17	414368	------w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 04:54 . 2011-05-29 14:41	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29	94208	------w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	------w-	c:\windows\system32\QuickTime.qts
2011-10-15 06:29 . 2009-04-22 14:09	29480	------w-	c:\windows\system32\msxml3a.dll
2011-10-15 06:29 . 2009-03-19 15:08	499712	------w-	c:\windows\system32\msvcp71.dll
2011-10-15 06:29 . 2009-03-19 15:08	348160	------w-	c:\windows\system32\msvcr71.dll
2011-10-07 09:18 . 2011-02-20 17:31	444952	------w-	c:\windows\system32\wrap_oal.dll
2011-10-07 09:18 . 2011-02-20 17:31	109080	------w-	c:\windows\system32\OpenAL32.dll
2009-10-16 06:42 . 2009-06-17 17:15	3211264	----a-w-	c:\program files\Common FilesDDBACSetup.msi
2011-11-10 20:56 . 2011-05-28 18:04	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-24 13:46	1574240	----a-w-	c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll" [2011-12-24 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-11-11 08:41	323584	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-11-11 08:41	323584	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-11-11 08:41	323584	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-11-11 08:41	323584	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2011-11-11 12210176]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 442640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2011-05-16 75048]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-09-14 230696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-24 892768]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2011-12-14 3322768]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"SearchEngineProtection"=c:\program files\Gamesbar\SearchEngineProtection.exe
"Steam"="c:\program files\Steam\Steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"BDRegion"=c:\program files\Cyberlink\Shared files\brs.exe
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"SAFE2007 HotKeys"="c:\program files\Steganos Safe 2007\SteganosHotKeyService.exe"
"SAFE2007 File Redirection Starter"="c:\program files\Steganos Safe 2007\fredirstarter.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R3 cpuz130;cpuz130; [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [2009-05-17 98488]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2011-11-02 34768]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:\windows\system32\drivers\Sleen15.sys [2007-02-21 11:33 80232]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/05 14:42];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-08-25 12:06 77296]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-12-16 3102856]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-08-26 75048]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-08-26 292136]
S2 drhard;drhard; [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-07-15 233472]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-08-24 71664]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-12-13 1527104]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-24 869216]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-15 36608]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 13:11	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 07:51]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 07:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/aacs/UpdateAdvisor.cab
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qwg3d7r0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-iPhone_Backup_Switch_1.0 - c:\windows\iun6002.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-27 18:01
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5352)
c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
c:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\Raxco\PerfectDisk10\PDAgentS1.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-27  18:12:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-27 17:12
.
Vor Suchlauf: 12 Verzeichnis(se), 557.737.803.776 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 557.082.587.136 Bytes frei
.
- - End Of File - - 508EA710B94F36DD3015A130D9562B72
         
--- --- ---


Gruß, Oldive
__________________

Alt 28.12.2011, 02:21   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.12.2011, 17:52   #20
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Moin, Arne !

gmer hat sic 2x mit einem blue screen verabschiedet und das ystem neu gebootet, da habe ich es gelassen, wie du sagtest.

Hier das OSAM file:

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:43:17 on 28.12.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Raxco Software, Inc." - C:\Windows\system32\PDBoot.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office14\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a-squared Malware-IDS utility driver" (a2util) - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
"A2 Direct Disk Access Support Driver" (A2DDA) - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
"a2acc" (a2acc) - "Emsi Software GmbH" - C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
"a2injectiondriver" (a2injectiondriver) - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"cpuz130" (cpuz130) - ? - C:\Windows\system32\drivers\cpuz130.sys  (File not found)
"DefragFS" (DefragFS) - "Raxco Software, Inc." - C:\Windows\system32\drivers\DefragFS.sys
"drhard" (drhard) - "Licensed for Gebhard Software" - C:\Windows\system32\drivers\drhard.sys
"ElRawDisk" (ElRawDisk) - "EldoS Corporation" - C:\Windows\system32\drivers\elrawdsk.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"ntk_PowerDVD" (ntk_PowerDVD) - "Cyberlink Corp." - C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys
"Power Control [2011/11/05 14:42:40]" ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) - ? - C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys
"Steganos Live Encryption Engine 15 [Driver]" (SLEE_15_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt " - C:\Windows\system32\drivers\Sleen15.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{B658800C-F66E-4EF3-AB85-6C0C227862A9} "ViProtocolOLE Class" - ? - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{AB77609F-2178-4E6F-9C4B-44AC179D937A} "a-squared Anti-Malware Shell Extension" - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2contmenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office14\MLSHEXT.DLL
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{FAE0A3E0-3010-41BA-9DDC-A631394F047F} "SteganosShellExtension" - ? - C:\Program Files\Steganos Safe 2007\ShellExtension.dll  (File found, but it contains no detailed information)
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{72376E32-8AF2-473F-BE32-E5D0F39C865D} "CUpdateAdvisorCtrl Object" - "Cyberlink" - C:\Windows\Downloaded Program Files\UpdateAdvisor.ocx / hxxp://www.cyberlink.com/prog/aacs/UpdateAdvisor.cab
{22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} "HidInputMonitorX Control" - "TODO: <Company name>" - C:\Windows\DOWNLO~1\HIDINP~1.OCX / file:///C:/Users/Michael/Desktop/components/hidinputmonitorx.ocx
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
{7030CC6C-1A88-4591-BB5A-651B9F7F0C30} "WMVHDRatingCtrl Class" - ? - C:\Windows\Downloaded Program Files\wmvhdrating.ocx / file:///C:/Users/Michael/Desktop/components/wmvhdrating.ocx
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "AVG Security Toolbar" - ? - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{95B7759C-8C7F-4BF1-B163-73684A933233} "AVG Security Toolbar" - ? - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
"SugarSync" - "SugarSync, Inc." - "C:\Program Files\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared files\brs.exe
"emsisoft anti-malware" - "Emsi Software GmbH" - "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"RemoteControl11" - "CyberLink Corp." - C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe
"vProt" - ? - "C:\Program Files\AVG Secure Search\vprot.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"CLHNServiceForPowerDVD" (CLHNServiceForPowerDVD) - ? - C:\Program Files\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
"CyberLink PowerDVD 11.0 Monitor Service" (CyberLink PowerDVD 11.0 Monitor Service) - "CyberLink" - C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
"CyberLink PowerDVD 11.0 Service" (CyberLink PowerDVD 11.0 Service) - "CyberLink" - C:\Program Files\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"Emsisoft Anti-Malware 6.0 - Service" (a2AntiMalware) - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PDAgent" (PDAgent) - "Raxco Software, Inc." - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
"PDEngine" (PDEngine) - "Raxco Software, Inc." - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe  (File found, but it contains no detailed information)
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
"vToolbarUpdater" (vToolbarUpdater) - ? - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

Hier das aswMBR

Code:
ATTFilter
aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-28 16:45:05
-----------------------------
16:45:05.860    OS Version: Windows 6.0.6002 Service Pack 2
16:45:05.860    Number of processors: 4 586 0x170A
16:45:05.860    ComputerName: MICHAEL-PC  UserName: Michael
16:45:33.706    Initialize success
16:46:53.193    AVAST engine defs: 11122800
16:47:03.754    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:47:03.754    Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
16:47:03.754    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:47:03.754    Disk 1 Vendor: ST310005 CC44 Size: 953869MB BusType: 3
16:47:03.786    Disk 0 MBR read successfully
16:47:03.786    Disk 0 MBR scan
16:47:03.786    Disk 0 Windows VISTA default MBR code
16:47:03.848    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       933384 MB offset 2048
16:47:03.864    Disk 0 Partition - 00     0F Extended LBA             20482 MB offset 1911572480
16:47:03.895    Disk 0 Partition 2 00     0B        FAT32 MSDOS5.0    20482 MB offset 1911572543
16:47:03.926    Disk 0 scanning sectors +1953520065
16:47:04.066    Disk 0 scanning C:\Windows\system32\drivers
16:47:20.244    Service scanning
16:47:21.460    Modules scanning
16:47:28.278    Disk 0 trace - called modules:
16:47:28.324    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:47:28.340    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8713c178]
16:47:28.340    3 CLASSPNP.SYS[8b9a38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8657c030]
16:47:31.990    AVAST engine scan C:\Windows
16:47:38.948    AVAST engine scan C:\Windows\system32
16:50:52.404    AVAST engine scan C:\Windows\system32\drivers
16:51:21.388    AVAST engine scan C:\Users\Michael
17:19:43.068    AVAST engine scan C:\ProgramData
17:24:40.809    Scan finished successfully
18:14:46.430    Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
18:14:46.446    The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
         
Danke, Gruß, Oldive


Alt 28.12.2011, 22:01   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> BKA Trojaner - UKash Aufforderung

Alt 30.12.2011, 18:27   #22
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Hallo, Arne !

Es folgen die Scans. Da Superantispware hochgradig verdächtige Dateien gefunden hat, habe ich sie in Quarantäne geschickt, Ich hoffe, das war richtig. War es tatsächlich ein gefährlicher Fund, den alle anderen Programme übersehen haben ?

Den ESET Scan lasse ich heute nacht laufen und poste ihn dann.

Danke und Gruß, Oldive

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2011.12.30.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-PC [Administrator]

30.12.2011 08:34:10
mbam-log-2011-12-30 (08-34-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 455613
Laufzeit: 1 Stunde(n), 35 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 12/30/2011 at 03:49 PM

Application Version : 5.0.1142

Core Rules Database Version : 8090
Trace Rules Database Version: 5902

Scan type       : Complete Scan
Total Scan Time : 05:25:35

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 634
Memory threats detected   : 0
Registry items scanned    : 39035
Registry threats detected : 0
File items scanned        : 283547
File threats detected     : 205

Adware.Tracking Cookie
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\9KUX45Y0.txt [ /fastclick.net ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\0SZ330EM.txt [ /ad.yieldmanager.com ]
	C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\RE0303T6.txt [ /atdmt.com ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\HBL1JZSA.txt [ Cookie:michael@clkads.com/adServe/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\9CBRPKRH.txt [ Cookie:michael@doubleclick.net/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\XN4S9BM4.txt [ Cookie:michael@tracking.dc-storm.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\G0HNBI7V.txt [ Cookie:michael@clkads.com/adServe/banners ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\7JO2XQLV.txt [ Cookie:michael@imrworldwide.com/cgi-bin ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\FCSLNLFP.txt [ Cookie:michael@adfarm1.adition.com/ ]
	C:\USERS\MICHAEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\X30J2SPL.txt [ Cookie:michael@overture.com/ ]
	C:\USERS\MICHAEL\Cookies\9KUX45Y0.txt [ Cookie:michael@fastclick.net/ ]
	C:\USERS\MICHAEL\Cookies\RE0303T6.txt [ Cookie:michael@atdmt.com/ ]
	.imrworldwide.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	tracking.sim-technik.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.de.at.atwola.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.blau.122.2o7.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adinterax.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.paypal.112.2o7.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adverts.creativemark.co.uk [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.googleads.g.doubleclick.net [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adinterax.com [ C:\SANDBOX\MICHAEL\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	fr.sitestat.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	tracking.sim-technik.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.de.at.atwola.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.blau.122.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adinterax.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adinterax.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.paypal.112.2o7.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	adverts.creativemark.co.uk [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	tracking.klicktel.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	tracking.klicktel.de [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWG3D7R0.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-FraudTool[Tiny]
	C:\_OTL\MOVEDFILES\12252011_091855\C_USERS\MICHAEL\APPDATA\ROAMING\.#\MBX@1040@F52728.###
         

Alt 30.12.2011, 18:47   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Nur Cookies und ein isolierte Schädling in der Q von OTL.
Auf ESET warte ich dann, aber auswerten (falls denn was gefunden wurde) werde ich wohl erst wieder Montag oder so
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.12.2011, 06:30   #24
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Moin, Arne !

Hier das ESET-Logfile. Ich hoffe, wir haben nun alles Nötige erledigt...
Ich würde ja gern diesen registry-booster löschen, aber er ist weder in den Programmen bei Systemsteuerung, noch in dem Startmenü sichtbar :-(((

Auf jeden Fall vielen Dank für die Hilfe !!! Einen guten Rutsch und ein gesundes, erfolgreiches Neues Jahr !

Beste Grüße, Oldive


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4f7a0849eb96544ba2b353ab44049906
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-22 12:03:51
# local_time=2011-12-22 01:03:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 275383 61038939 268046 0
# compatibility_mode=4096 16777215 100 0 74963793 74963793 0 0
# compatibility_mode=5892 16776637 100 100 31325 162034846 0 0
# compatibility_mode=8192 67108863 100 0 3797 3797 0 0
# scanned=280067
# found=8
# cleaned=0
# scan_time=10113
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\4b7f4ede-4c0f4041	Java/Exploit.CVE-2011-3544.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Desktop\RegistryBooster\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\registrybooster(2).exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_dropbox.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\Eigene Downloads\Organisation\Freecommander\fc_setup_.zip	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4f7a0849eb96544ba2b353ab44049906
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-22 09:09:09
# local_time=2011-12-22 10:09:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 307684 61071240 300347 0
# compatibility_mode=4096 16777215 100 0 74996094 74996094 0 0
# compatibility_mode=5892 16776637 100 100 63626 162067147 0 0
# compatibility_mode=8192 67108863 100 0 36098 36098 0 0
# scanned=287222
# found=8
# cleaned=0
# scan_time=10529
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\4b7f4ede-4c0f4041	Java/Exploit.CVE-2011-3544.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Desktop\RegistryBooster\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\registrybooster(2).exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_dropbox.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\Eigene Downloads\Organisation\Freecommander\fc_setup_.zip	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4f7a0849eb96544ba2b353ab44049906
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 01:21:56
# local_time=2011-12-31 02:21:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=4096 16777215 100 0 75745735 75745735 0 0
# compatibility_mode=5892 16776637 100 100 18366 162816788 0 0
# compatibility_mode=8192 67108863 100 0 785739 785739 0 0
# scanned=285848
# found=7
# cleaned=0
# scan_time=10456
C:\Users\Michael\Desktop\RegistryBooster\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\registrybooster(2).exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_dropbox.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Michael\Downloads\Eigene Downloads\Organisation\Freecommander\fc_setup_.zip	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
         

Alt 31.12.2011, 14:41   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Dann löschen wir eben mit OTL die letzten Müll


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":Files" muss mitkopiert werden!!!)

Code:
ATTFilter
:Files
C:\Users\Michael\Desktop\RegistryBooster
C:\Users\Michael\Downloads\registry*
C:\Users\Michael\Downloads\SoftonicDownloader*
:Commands
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.01.2012, 14:45   #26
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Frohes Neues Jahr, Arne !

Hier das log nach dem Fix:

Code:
ATTFilter
All processes killed
========== FILES ==========
C:\Users\Michael\Desktop\RegistryBooster folder moved successfully.
C:\Users\Michael\Downloads\registrybooster(2).exe moved successfully.
C:\Users\Michael\Downloads\registrybooster.exe moved successfully.
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_dropbox.exe moved successfully.
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe moved successfully.
C:\Users\Michael\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 54902881 bytes
->Temporary Internet Files folder emptied: 56553026 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 147082663 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 928 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 512813 bytes
RecycleBin emptied: 10874220 bytes
 
Total Files Cleaned = 257,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01022012_153229

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Danke, Gruß, Oldive

Alt 02.01.2012, 15:06   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Gut. Rechner soweit wieder im Lot?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.01.2012, 18:00   #28
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung




Alles bestens ! Herzlichen Dank, Arne.

Ihr macht prima Arbeit hier.

Bye, Oldive

Alt 02.01.2012, 20:12   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.01.2012, 20:06   #30
Oldive
 
BKA Trojaner - UKash Aufforderung - Standard

BKA Trojaner - UKash Aufforderung



Hallo, Arne !

Seit unserer Aufräumaktion kann ich mit Power DVD 11 keine Blue-rays mehr sehen (Originalscheiben, deutscher Code, habe nie etwas anderes eingestellt oder gesehen). Ich bekomme immer die Meldung, das der falsche Ländercode eingestellt ist ?!

Weißt du Rat ?

Besten Dank, Oldive

Antwort

Themen zu BKA Trojaner - UKash Aufforderung
alternate, antivir, audiograbber, avira, black, bonjour, c:\windows\system32\rundll32.exe, conduit, converter, device driver, document, druck, error, excel.exe, firefox, google, google earth, home, install.exe, intranet, kaspersky, logfile, malware, malware bytes, microsoft office word, mozilla thunderbird, mp3, nvlddmkm.sys, office 2007, otl-datei, programm, realtek, required, scan, security, security update, senden, software, starten, studio, system, trojaner, updates, version=1.0, vista, windows



Ähnliche Themen: BKA Trojaner - UKash Aufforderung


  1. WIN 7 64bit, schwedischer Ableger vom BKA Trojaner. U-Kash Aufforderung
    Plagegeister aller Art und deren Bekämpfung - 13.05.2014 (15)
  2. GVU / BKA Trojaner Win7, abgesicherter Modus m E-Aufforderung möglich
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (17)
  3. Online-Banking Trojaner - Aufforderung zur TAN-Eingabe
    Log-Analyse und Auswertung - 01.07.2013 (19)
  4. Trojaner mit Aufforderung 100€ per Ukash - Win 7
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (37)
  5. Polizei Trojaner, Aufforderung zur Zalung
    Plagegeister aller Art und deren Bekämpfung - 09.03.2013 (15)
  6. Bundestrojaner? UKash Aufforderung mit Systemstillegung
    Log-Analyse und Auswertung - 13.10.2012 (45)
  7. Polizei Trojaner mit Webcamfenster - Aufforderung zur Zahlung von 100€
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (6)
  8. Verschlüsselungs-Trojaner mit Aufforderung Geld zu überweisen
    Plagegeister aller Art und deren Bekämpfung - 15.06.2012 (29)
  9. Windows Trojaner mit 100 Euro U cash Aufforderung!
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  10. Verschlüsselungs-Trojaner eingefangen und Aufforderung zur Zahlung von 50 Euro
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (3)
  11. Windows Security Center UKash-Aufforderung
    Log-Analyse und Auswertung - 25.04.2012 (29)
  12. Trojaner der 'Bundespolizei' mit der Aufforderung 100€ zu zahlen
    Plagegeister aller Art und deren Bekämpfung - 14.04.2012 (34)
  13. BKA Trojaner Aufforderung 100EUR zu beahlen
    Log-Analyse und Auswertung - 12.04.2012 (22)
  14. Trojaner - Aufforderung zur Zahlung von 100€ - Scananalysen
    Log-Analyse und Auswertung - 20.03.2012 (2)
  15. Rechner geloggt mit Aufforderung 50,- EUR über ukash zu bezahlen
    Log-Analyse und Auswertung - 24.12.2011 (21)
  16. Sparkassen-Trojaner ? Aufforderung zur Eingabe 100 TANs
    Plagegeister aller Art und deren Bekämpfung - 27.11.2011 (11)
  17. Trojaner Sparkasse Banking Aufforderung 20 TANs
    Plagegeister aller Art und deren Bekämpfung - 09.01.2011 (13)

Zum Thema BKA Trojaner - UKash Aufforderung - Moin, Arne ! Code: Alles auswählen Aufklappen ATTFilter 10:20:37.0702 5868 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 10:20:37.0999 5868 ============================================================ 10:20:37.0999 5868 Current date / time: 2011/12/26 10:20:37.0999 - BKA Trojaner - UKash Aufforderung...
Archiv
Du betrachtest: BKA Trojaner - UKash Aufforderung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.