Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan.Agent.CWIGen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.07.2012, 09:10   #16
KastorPollux
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



Hallo Cosinus,
hier das TDSS Log:
Code:
ATTFilter
08:23:34.0412 4852	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
08:23:34.0475 4852	============================================================
08:23:34.0475 4852	Current date / time: 2012/07/13 08:23:34.0475
08:23:34.0475 4852	SystemInfo:
08:23:34.0475 4852	
08:23:34.0475 4852	OS Version: 6.1.7601 ServicePack: 1.0
08:23:34.0475 4852	Product type: Workstation
08:23:34.0475 4852	ComputerName: INGEBORG-PC
08:23:34.0475 4852	UserName: Hans
08:23:34.0475 4852	Windows directory: C:\windows
08:23:34.0475 4852	System windows directory: C:\windows
08:23:34.0475 4852	Processor architecture: Intel x86
08:23:34.0475 4852	Number of processors: 2
08:23:34.0475 4852	Page size: 0x1000
08:23:34.0475 4852	Boot type: Normal boot
08:23:34.0475 4852	============================================================
08:23:36.0128 4852	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:23:36.0128 4852	Drive \Device\Harddisk1\DR1 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:23:36.0128 4852	============================================================
08:23:36.0128 4852	\Device\Harddisk0\DR0:
08:23:36.0128 4852	MBR partitions:
08:23:36.0128 4852	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
08:23:36.0128 4852	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x11AFD000
08:23:36.0128 4852	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1392F800, BlocksNum 0x75BA000
08:23:36.0128 4852	\Device\Harddisk1\DR1:
08:23:36.0128 4852	MBR partitions:
08:23:36.0128 4852	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
08:23:36.0128 4852	============================================================
08:23:36.0159 4852	C: <-> \Device\Harddisk0\DR0\Partition1
08:23:36.0206 4852	D: <-> \Device\Harddisk0\DR0\Partition2
08:23:36.0206 4852	============================================================
08:23:36.0206 4852	Initialize success
08:23:36.0206 4852	============================================================
08:24:12.0172 5120	============================================================
08:24:12.0172 5120	Scan started
08:24:12.0172 5120	Mode: Manual; SigCheck; TDLFS; 
08:24:12.0172 5120	============================================================
08:24:12.0921 5120	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
08:24:13.0108 5120	1394ohci - ok
08:24:13.0280 5120	ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
08:24:13.0342 5120	ABBYY.Licensing.FineReader.Sprint.9.0 - ok
08:24:13.0404 5120	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
08:24:13.0451 5120	ACPI - ok
08:24:13.0514 5120	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
08:24:13.0607 5120	AcpiPmi - ok
08:24:13.0779 5120	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
08:24:13.0810 5120	AdobeARMservice - ok
08:24:13.0904 5120	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:24:13.0935 5120	AdobeFlashPlayerUpdateSvc - ok
08:24:14.0044 5120	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
08:24:14.0091 5120	adp94xx - ok
08:24:14.0122 5120	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
08:24:14.0184 5120	adpahci - ok
08:24:14.0231 5120	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
08:24:14.0262 5120	adpu320 - ok
08:24:14.0294 5120	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
08:24:14.0387 5120	AeLookupSvc - ok
08:24:14.0496 5120	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
08:24:14.0574 5120	AFD - ok
08:24:14.0606 5120	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
08:24:14.0637 5120	agp440 - ok
08:24:14.0746 5120	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
08:24:14.0777 5120	aic78xx - ok
08:24:14.0824 5120	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
08:24:14.0902 5120	ALG - ok
08:24:14.0933 5120	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
08:24:14.0964 5120	aliide - ok
08:24:14.0980 5120	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
08:24:15.0011 5120	amdagp - ok
08:24:15.0042 5120	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
08:24:15.0074 5120	amdide - ok
08:24:15.0105 5120	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
08:24:15.0167 5120	AmdK8 - ok
08:24:15.0183 5120	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
08:24:15.0230 5120	AmdPPM - ok
08:24:15.0292 5120	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
08:24:15.0323 5120	amdsata - ok
08:24:15.0370 5120	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
08:24:15.0417 5120	amdsbs - ok
08:24:15.0417 5120	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
08:24:15.0448 5120	amdxata - ok
08:24:15.0495 5120	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
08:24:15.0620 5120	AppID - ok
08:24:15.0713 5120	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
08:24:15.0776 5120	AppIDSvc - ok
08:24:15.0822 5120	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
08:24:15.0885 5120	Appinfo - ok
08:24:16.0010 5120	Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:24:16.0025 5120	Apple Mobile Device - ok
08:24:16.0072 5120	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
08:24:16.0119 5120	arc - ok
08:24:16.0134 5120	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
08:24:16.0166 5120	arcsas - ok
08:24:16.0212 5120	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
08:24:16.0337 5120	AsyncMac - ok
08:24:16.0368 5120	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
08:24:16.0400 5120	atapi - ok
08:24:16.0540 5120	athr            (8efa8e1c4c5eea27951a8dd015ffe4cd) C:\windows\system32\DRIVERS\athr.sys
08:24:16.0665 5120	athr - ok
08:24:16.0868 5120	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
08:24:16.0930 5120	AudioEndpointBuilder - ok
08:24:16.0946 5120	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
08:24:17.0008 5120	Audiosrv - ok
08:24:17.0102 5120	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
08:24:17.0195 5120	AxInstSV - ok
08:24:17.0273 5120	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
08:24:17.0336 5120	b06bdrv - ok
08:24:17.0382 5120	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
08:24:17.0429 5120	b57nd60x - ok
08:24:17.0538 5120	BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
08:24:17.0570 5120	BcmSqlStartupSvc - ok
08:24:17.0616 5120	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
08:24:17.0679 5120	BDESVC - ok
08:24:17.0710 5120	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
08:24:17.0788 5120	Beep - ok
08:24:17.0866 5120	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
08:24:17.0960 5120	BFE - ok
08:24:18.0022 5120	BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
08:24:18.0116 5120	BITS - ok
08:24:18.0131 5120	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
08:24:18.0178 5120	blbdrive - ok
08:24:18.0303 5120	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:24:18.0350 5120	Bonjour Service - ok
08:24:18.0396 5120	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
08:24:18.0459 5120	bowser - ok
08:24:18.0474 5120	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
08:24:18.0552 5120	BrFiltLo - ok
08:24:18.0568 5120	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
08:24:18.0630 5120	BrFiltUp - ok
08:24:18.0677 5120	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
08:24:18.0771 5120	Browser - ok
08:24:18.0818 5120	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
08:24:18.0896 5120	Brserid - ok
08:24:18.0927 5120	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
08:24:18.0958 5120	BrSerWdm - ok
08:24:18.0974 5120	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
08:24:19.0005 5120	BrUsbMdm - ok
08:24:19.0036 5120	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
08:24:19.0083 5120	BrUsbSer - ok
08:24:19.0098 5120	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
08:24:19.0145 5120	BTHMODEM - ok
08:24:19.0176 5120	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
08:24:19.0254 5120	bthserv - ok
08:24:19.0286 5120	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
08:24:19.0364 5120	cdfs - ok
08:24:19.0426 5120	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
08:24:19.0473 5120	cdrom - ok
08:24:19.0520 5120	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
08:24:19.0582 5120	CertPropSvc - ok
08:24:19.0676 5120	cfwids          (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\windows\system32\drivers\cfwids.sys
08:24:19.0722 5120	cfwids - ok
08:24:19.0769 5120	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
08:24:19.0800 5120	circlass - ok
08:24:19.0847 5120	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
08:24:19.0878 5120	CLFS - ok
08:24:19.0972 5120	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:24:20.0003 5120	clr_optimization_v2.0.50727_32 - ok
08:24:20.0081 5120	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:24:20.0159 5120	clr_optimization_v4.0.30319_32 - ok
08:24:20.0190 5120	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
08:24:20.0237 5120	CmBatt - ok
08:24:20.0284 5120	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
08:24:20.0315 5120	cmdide - ok
08:24:20.0362 5120	CNG             (247b4ce2dab1160cd422d532d5241e1f) C:\windows\system32\Drivers\cng.sys
08:24:20.0424 5120	CNG - ok
08:24:20.0456 5120	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
08:24:20.0487 5120	Compbatt - ok
08:24:20.0534 5120	CompFilter      (9704b9c442e3ef2989746d08f80a3743) C:\windows\system32\DRIVERS\lvbusflt.sys
08:24:20.0565 5120	CompFilter - ok
08:24:20.0596 5120	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
08:24:20.0643 5120	CompositeBus - ok
08:24:20.0705 5120	COMSysApp - ok
08:24:20.0721 5120	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
08:24:20.0752 5120	crcdisk - ok
08:24:20.0814 5120	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
08:24:20.0877 5120	CryptSvc - ok
08:24:20.0955 5120	ctxusbm         (cb6ff7012bb5d59d7c12350db795ce1f) C:\windows\system32\DRIVERS\ctxusbm.sys
08:24:20.0970 5120	ctxusbm - ok
08:24:21.0048 5120	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
08:24:21.0111 5120	DcomLaunch - ok
08:24:21.0158 5120	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
08:24:21.0236 5120	defragsvc - ok
08:24:21.0298 5120	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
08:24:21.0376 5120	DfsC - ok
08:24:21.0438 5120	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
08:24:21.0516 5120	Dhcp - ok
08:24:21.0532 5120	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
08:24:21.0610 5120	discache - ok
08:24:21.0657 5120	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
08:24:21.0672 5120	Disk - ok
08:24:21.0735 5120	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
08:24:21.0797 5120	Dnscache - ok
08:24:21.0860 5120	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
08:24:21.0922 5120	dot3svc - ok
08:24:21.0969 5120	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
08:24:22.0062 5120	DPS - ok
08:24:22.0125 5120	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
08:24:22.0187 5120	drmkaud - ok
08:24:22.0265 5120	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
08:24:22.0312 5120	DXGKrnl - ok
08:24:22.0343 5120	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
08:24:22.0406 5120	EapHost - ok
08:24:22.0655 5120	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
08:24:22.0811 5120	ebdrv - ok
08:24:22.0952 5120	EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
08:24:22.0998 5120	EFS - ok
08:24:23.0092 5120	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
08:24:23.0154 5120	ehRecvr - ok
08:24:23.0201 5120	ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
08:24:23.0264 5120	ehSched - ok
08:24:23.0357 5120	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
08:24:23.0404 5120	elxstor - ok
08:24:23.0513 5120	EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
08:24:23.0544 5120	EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
08:24:23.0544 5120	EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
08:24:23.0607 5120	EPSON_EB_RPCV4_04 (b92f2b3247f0a99490c1298a1d3d7b4c) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
08:24:23.0716 5120	EPSON_EB_RPCV4_04 - ok
08:24:23.0763 5120	EPSON_PM_RPCV4_04 (651336b99c75fb54e4b5971cf458f9bd) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
08:24:23.0810 5120	EPSON_PM_RPCV4_04 - ok
08:24:23.0856 5120	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
08:24:23.0903 5120	ErrDev - ok
08:24:23.0966 5120	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
08:24:24.0028 5120	EventSystem - ok
08:24:24.0059 5120	ew_hwusbdev - ok
08:24:24.0090 5120	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
08:24:24.0168 5120	exfat - ok
08:24:24.0200 5120	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
08:24:24.0278 5120	fastfat - ok
08:24:24.0340 5120	Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
08:24:24.0418 5120	Fax - ok
08:24:24.0434 5120	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
08:24:24.0465 5120	fdc - ok
08:24:24.0496 5120	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
08:24:24.0574 5120	fdPHost - ok
08:24:24.0590 5120	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
08:24:24.0652 5120	FDResPub - ok
08:24:24.0683 5120	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
08:24:24.0714 5120	FileInfo - ok
08:24:24.0730 5120	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
08:24:24.0808 5120	Filetrace - ok
08:24:24.0824 5120	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
08:24:24.0855 5120	flpydisk - ok
08:24:24.0902 5120	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
08:24:24.0933 5120	FltMgr - ok
08:24:25.0042 5120	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
08:24:25.0120 5120	FontCache - ok
08:24:25.0182 5120	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:24:25.0198 5120	FontCache3.0.0.0 - ok
08:24:25.0229 5120	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
08:24:25.0260 5120	FsDepends - ok
08:24:25.0292 5120	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
08:24:25.0323 5120	fssfltr - ok
08:24:25.0416 5120	fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
08:24:25.0479 5120	fsssvc - ok
08:24:25.0510 5120	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
08:24:25.0541 5120	Fs_Rec - ok
08:24:25.0604 5120	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
08:24:25.0635 5120	fvevol - ok
08:24:25.0713 5120	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
08:24:25.0744 5120	gagp30kx - ok
08:24:25.0791 5120	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
08:24:25.0806 5120	GEARAspiWDM - ok
08:24:25.0884 5120	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
08:24:25.0962 5120	gpsvc - ok
08:24:26.0056 5120	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
08:24:26.0103 5120	gupdate - ok
08:24:26.0118 5120	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
08:24:26.0150 5120	gupdatem - ok
08:24:26.0228 5120	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:24:26.0259 5120	gusvc - ok
08:24:26.0274 5120	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
08:24:26.0352 5120	hcw85cir - ok
08:24:26.0415 5120	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
08:24:26.0493 5120	HdAudAddService - ok
08:24:26.0540 5120	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
08:24:26.0586 5120	HDAudBus - ok
08:24:26.0602 5120	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
08:24:26.0649 5120	HidBatt - ok
08:24:26.0727 5120	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
08:24:26.0774 5120	HidBth - ok
08:24:26.0805 5120	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
08:24:26.0836 5120	HidIr - ok
08:24:26.0883 5120	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
08:24:26.0945 5120	hidserv - ok
08:24:27.0008 5120	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
08:24:27.0054 5120	HidUsb - ok
08:24:27.0086 5120	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
08:24:27.0179 5120	hkmsvc - ok
08:24:27.0226 5120	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
08:24:27.0288 5120	HomeGroupListener - ok
08:24:27.0335 5120	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
08:24:27.0382 5120	HomeGroupProvider - ok
08:24:27.0429 5120	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
08:24:27.0460 5120	HpSAMD - ok
08:24:27.0522 5120	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
08:24:27.0600 5120	HTTP - ok
08:24:27.0616 5120	huawei_cdcacm - ok
08:24:27.0632 5120	huawei_enumerator - ok
08:24:27.0678 5120	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
08:24:27.0710 5120	hwpolicy - ok
08:24:27.0756 5120	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
08:24:27.0803 5120	i8042prt - ok
08:24:27.0866 5120	iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
08:24:27.0897 5120	iaStor - ok
08:24:27.0975 5120	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
08:24:28.0022 5120	iaStorV - ok
08:24:28.0146 5120	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:24:28.0209 5120	idsvc - ok
08:24:28.0973 5120	igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\windows\system32\DRIVERS\igdkmd32.sys
08:24:29.0363 5120	igfx - ok
08:24:29.0550 5120	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
08:24:29.0582 5120	iirsp - ok
08:24:29.0738 5120	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
08:24:29.0831 5120	IKEEXT - ok
08:24:30.0112 5120	IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
08:24:30.0206 5120	IntcAzAudAddService - ok
08:24:30.0346 5120	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
08:24:30.0377 5120	intelide - ok
08:24:30.0424 5120	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
08:24:30.0455 5120	intelppm - ok
08:24:30.0486 5120	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
08:24:30.0564 5120	IPBusEnum - ok
08:24:30.0580 5120	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
08:24:30.0642 5120	IpFilterDriver - ok
08:24:30.0767 5120	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
08:24:30.0845 5120	iphlpsvc - ok
08:24:30.0876 5120	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
08:24:30.0923 5120	IPMIDRV - ok
08:24:30.0939 5120	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
08:24:31.0001 5120	IPNAT - ok
08:24:31.0126 5120	iPod Service    (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
08:24:31.0157 5120	iPod Service - ok
08:24:31.0204 5120	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
08:24:31.0282 5120	IRENUM - ok
08:24:31.0313 5120	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
08:24:31.0344 5120	isapnp - ok
08:24:31.0391 5120	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
08:24:31.0438 5120	iScsiPrt - ok
08:24:31.0469 5120	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
08:24:31.0500 5120	kbdclass - ok
08:24:31.0547 5120	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
08:24:31.0594 5120	kbdhid - ok
08:24:31.0641 5120	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:24:31.0672 5120	KeyIso - ok
08:24:31.0719 5120	KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\windows\system32\Drivers\ksecdd.sys
08:24:31.0750 5120	KSecDD - ok
08:24:31.0781 5120	KSecPkg         (d30159ac9237519fbc62c6ec247d2d46) C:\windows\system32\Drivers\ksecpkg.sys
08:24:31.0828 5120	KSecPkg - ok
08:24:31.0875 5120	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
08:24:31.0968 5120	KtmRm - ok
08:24:32.0031 5120	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
08:24:32.0109 5120	LanmanServer - ok
08:24:32.0140 5120	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
08:24:32.0249 5120	LanmanWorkstation - ok
08:24:32.0280 5120	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
08:24:32.0358 5120	lltdio - ok
08:24:32.0405 5120	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
08:24:32.0483 5120	lltdsvc - ok
08:24:32.0499 5120	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
08:24:32.0561 5120	lmhosts - ok
08:24:32.0608 5120	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
08:24:32.0639 5120	LSI_FC - ok
08:24:32.0702 5120	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
08:24:32.0733 5120	LSI_SAS - ok
08:24:32.0764 5120	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
08:24:32.0795 5120	LSI_SAS2 - ok
08:24:32.0811 5120	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
08:24:32.0842 5120	LSI_SCSI - ok
08:24:32.0873 5120	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
08:24:32.0951 5120	luafv - ok
08:24:33.0014 5120	LVRS            (ed643e777ba3f7151ef3f0fb6be4f7f0) C:\windows\system32\DRIVERS\lvrs.sys
08:24:33.0076 5120	LVRS - ok
08:24:33.0419 5120	LVUVC           (5bc80451109a8dd7f2ddd35bce2929a3) C:\windows\system32\DRIVERS\lvuvc.sys
08:24:33.0591 5120	LVUVC - ok
08:24:33.0856 5120	MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\windows\system32\drivers\mbamswissarmy.sys
08:24:33.0887 5120	MBAMSwissArmy - ok
08:24:34.0012 5120	McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
08:24:34.0043 5120	McAfee SiteAdvisor Service - ok
08:24:34.0059 5120	McMPFSvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
08:24:34.0090 5120	McMPFSvc - ok
08:24:34.0106 5120	mcmscsvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:24:34.0137 5120	mcmscsvc - ok
08:24:34.0152 5120	McNaiAnn        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:24:34.0184 5120	McNaiAnn - ok
08:24:34.0199 5120	McNASvc         (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:24:34.0230 5120	McNASvc - ok
08:24:34.0324 5120	McODS           (135aa9e9e7047b7dc1f753205d421a26) C:\Program Files\McAfee\VirusScan\mcods.exe
08:24:34.0371 5120	McODS - ok
08:24:34.0386 5120	McProxy         (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:24:34.0418 5120	McProxy - ok
08:24:34.0480 5120	McPvDrv         (000751813ecef491689176e72b3a8bee) C:\windows\system32\drivers\McPvDrv.sys
08:24:34.0496 5120	McPvDrv - ok
08:24:34.0574 5120	McShield        (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
08:24:34.0620 5120	McShield - ok
08:24:34.0698 5120	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
08:24:34.0730 5120	Mcx2Svc - ok
08:24:34.0776 5120	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
08:24:34.0808 5120	megasas - ok
08:24:34.0839 5120	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
08:24:34.0886 5120	MegaSR - ok
08:24:34.0948 5120	mfeapfk         (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\windows\system32\drivers\mfeapfk.sys
08:24:34.0979 5120	mfeapfk - ok
08:24:35.0042 5120	mfeavfk         (c1dc5f42d3367f33b6451be78b38bd46) C:\windows\system32\drivers\mfeavfk.sys
08:24:35.0073 5120	mfeavfk - ok
08:24:35.0088 5120	mfeavfk01 - ok
08:24:35.0120 5120	mfebopk         (0435c43f4c2be01b84868ad2a906397b) C:\windows\system32\drivers\mfebopk.sys
08:24:35.0135 5120	mfebopk - ok
08:24:35.0182 5120	mfefire         (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
08:24:35.0229 5120	mfefire - ok
08:24:35.0276 5120	mfefirek        (4ea6ff90015424517843e931448e00f1) C:\windows\system32\drivers\mfefirek.sys
08:24:35.0322 5120	mfefirek - ok
08:24:35.0369 5120	mfehidk         (d1e998748ba24a731106611d535c6bbf) C:\windows\system32\drivers\mfehidk.sys
08:24:35.0432 5120	mfehidk - ok
08:24:35.0463 5120	mfenlfk         (ac04a618aef3de0fce91c766f9e069da) C:\windows\system32\DRIVERS\mfenlfk.sys
08:24:35.0494 5120	mfenlfk - ok
08:24:35.0525 5120	mferkdet        (f454a13377f0a006d20a8c14a753c432) C:\windows\system32\drivers\mferkdet.sys
08:24:35.0556 5120	mferkdet - ok
08:24:35.0697 5120	mfevtp          (b10c4efd40810c08f4b44df2efcb54f7) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
08:24:35.0744 5120	mfevtp - ok
08:24:35.0806 5120	mfewfpk         (f284337aedb7483df8a5fa840647e2b0) C:\windows\system32\drivers\mfewfpk.sys
08:24:35.0837 5120	mfewfpk - ok
08:24:35.0931 5120	Microsoft SharePoint Workspace Audit Service - ok
08:24:35.0946 5120	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
08:24:36.0009 5120	MMCSS - ok
08:24:36.0087 5120	MOBKbackup      (35176fa09a0fc58db630991a81a0ba39) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
08:24:36.0118 5120	MOBKbackup - ok
08:24:36.0180 5120	MOBKFilter      (e896775837a8bce436348df460522394) C:\windows\system32\DRIVERS\MOBK.sys
08:24:36.0196 5120	MOBKFilter - ok
08:24:36.0227 5120	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
08:24:36.0305 5120	Modem - ok
08:24:36.0321 5120	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
08:24:36.0368 5120	monitor - ok
08:24:36.0399 5120	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
08:24:36.0430 5120	mouclass - ok
08:24:36.0446 5120	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
08:24:36.0492 5120	mouhid - ok
08:24:36.0524 5120	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
08:24:36.0555 5120	mountmgr - ok
08:24:36.0617 5120	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
08:24:36.0664 5120	mpio - ok
08:24:36.0711 5120	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
08:24:36.0789 5120	mpsdrv - ok
08:24:36.0867 5120	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
08:24:36.0929 5120	MpsSvc - ok
08:24:36.0976 5120	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
08:24:37.0023 5120	MRxDAV - ok
08:24:37.0085 5120	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
08:24:37.0163 5120	mrxsmb - ok
08:24:37.0210 5120	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
08:24:37.0257 5120	mrxsmb10 - ok
08:24:37.0288 5120	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
08:24:37.0319 5120	mrxsmb20 - ok
08:24:37.0350 5120	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
08:24:37.0382 5120	msahci - ok
08:24:37.0428 5120	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
08:24:37.0475 5120	msdsm - ok
08:24:37.0522 5120	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
08:24:37.0584 5120	MSDTC - ok
08:24:37.0631 5120	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
08:24:37.0694 5120	Msfs - ok
08:24:37.0725 5120	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
08:24:37.0787 5120	mshidkmdf - ok
08:24:37.0818 5120	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
08:24:37.0850 5120	msisadrv - ok
08:24:37.0881 5120	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
08:24:37.0974 5120	MSiSCSI - ok
08:24:37.0974 5120	msiserver - ok
08:24:38.0099 5120	MSK80Service    (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
08:24:38.0130 5120	MSK80Service - ok
08:24:38.0162 5120	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
08:24:38.0240 5120	MSKSSRV - ok
08:24:38.0255 5120	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
08:24:38.0318 5120	MSPCLOCK - ok
08:24:38.0333 5120	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
08:24:38.0396 5120	MSPQM - ok
08:24:38.0427 5120	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
08:24:38.0474 5120	MsRPC - ok
08:24:38.0520 5120	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
08:24:38.0552 5120	mssmbios - ok
08:24:38.0614 5120	MSSQL$MSSMLBIZ - ok
08:24:38.0708 5120	MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
08:24:38.0739 5120	MSSQLServerADHelper - ok
08:24:38.0739 5120	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
08:24:38.0801 5120	MSTEE - ok
08:24:38.0817 5120	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
08:24:38.0864 5120	MTConfig - ok
08:24:38.0895 5120	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
08:24:38.0926 5120	Mup - ok
08:24:38.0988 5120	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
08:24:39.0066 5120	napagent - ok
08:24:39.0129 5120	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
08:24:39.0160 5120	NativeWifiP - ok
08:24:39.0238 5120	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
08:24:39.0285 5120	NDIS - ok
08:24:39.0316 5120	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
08:24:39.0394 5120	NdisCap - ok
08:24:39.0425 5120	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
08:24:39.0488 5120	NdisTapi - ok
08:24:39.0534 5120	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
08:24:39.0612 5120	Ndisuio - ok
08:24:39.0659 5120	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
08:24:39.0768 5120	NdisWan - ok
08:24:39.0800 5120	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
08:24:39.0862 5120	NDProxy - ok
08:24:39.0909 5120	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
08:24:39.0971 5120	NetBIOS - ok
08:24:40.0018 5120	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
08:24:40.0080 5120	NetBT - ok
08:24:40.0112 5120	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:24:40.0143 5120	Netlogon - ok
08:24:40.0205 5120	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
08:24:40.0283 5120	Netman - ok
08:24:40.0299 5120	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
08:24:40.0377 5120	netprofm - ok
08:24:40.0455 5120	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:24:40.0502 5120	NetTcpPortSharing - ok
08:24:40.0533 5120	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
08:24:40.0564 5120	nfrd960 - ok
08:24:40.0611 5120	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
08:24:40.0673 5120	NlaSvc - ok
08:24:40.0704 5120	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
08:24:40.0751 5120	Npfs - ok
08:24:40.0782 5120	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
08:24:40.0829 5120	nsi - ok
08:24:40.0845 5120	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
08:24:40.0923 5120	nsiproxy - ok
08:24:41.0032 5120	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
08:24:41.0126 5120	Ntfs - ok
08:24:41.0266 5120	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
08:24:41.0313 5120	Null - ok
08:24:41.0375 5120	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
08:24:41.0406 5120	nvraid - ok
08:24:41.0438 5120	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
08:24:41.0484 5120	nvstor - ok
08:24:41.0500 5120	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
08:24:41.0547 5120	nv_agp - ok
08:24:41.0594 5120	OberonGameConsoleService (b5d5da8230d3d3525839d939a9196c3e) C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
08:24:41.0625 5120	OberonGameConsoleService - ok
08:24:41.0687 5120	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
08:24:41.0734 5120	ohci1394 - ok
08:24:41.0796 5120	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:24:41.0828 5120	ose - ok
08:24:42.0218 5120	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:24:42.0436 5120	osppsvc - ok
08:24:42.0686 5120	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
08:24:42.0764 5120	p2pimsvc - ok
08:24:42.0795 5120	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
08:24:42.0842 5120	p2psvc - ok
08:24:42.0888 5120	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
08:24:42.0935 5120	Parport - ok
08:24:42.0982 5120	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
08:24:43.0013 5120	partmgr - ok
08:24:43.0029 5120	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
08:24:43.0076 5120	Parvdm - ok
08:24:43.0107 5120	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
08:24:43.0154 5120	PcaSvc - ok
08:24:43.0185 5120	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
08:24:43.0232 5120	pci - ok
08:24:43.0263 5120	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
08:24:43.0294 5120	pciide - ok
08:24:43.0325 5120	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
08:24:43.0372 5120	pcmcia - ok
08:24:43.0388 5120	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
08:24:43.0403 5120	pcw - ok
08:24:43.0466 5120	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
08:24:43.0559 5120	PEAUTH - ok
08:24:43.0762 5120	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
08:24:43.0871 5120	pla - ok
08:24:44.0058 5120	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
08:24:44.0136 5120	PlugPlay - ok
08:24:44.0292 5120	PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
08:24:44.0370 5120	PMBDeviceInfoProvider - ok
08:24:44.0402 5120	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
08:24:44.0448 5120	PNRPAutoReg - ok
08:24:44.0480 5120	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
08:24:44.0526 5120	PNRPsvc - ok
08:24:44.0589 5120	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
08:24:44.0682 5120	PolicyAgent - ok
08:24:44.0745 5120	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
08:24:44.0870 5120	Power - ok
08:24:45.0057 5120	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
08:24:45.0166 5120	PptpMiniport - ok
08:24:45.0197 5120	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
08:24:45.0228 5120	Processor - ok
08:24:45.0306 5120	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
08:24:45.0370 5120	ProfSvc - ok
08:24:45.0417 5120	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:24:45.0448 5120	ProtectedStorage - ok
08:24:45.0479 5120	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
08:24:45.0557 5120	Psched - ok
08:24:45.0619 5120	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\windows\system32\Drivers\PxHelp20.sys
08:24:45.0651 5120	PxHelp20 - ok
08:24:45.0807 5120	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
08:24:45.0885 5120	ql2300 - ok
08:24:46.0025 5120	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
08:24:46.0056 5120	ql40xx - ok
08:24:46.0165 5120	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
08:24:46.0243 5120	QWAVE - ok
08:24:46.0275 5120	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
08:24:46.0321 5120	QWAVEdrv - ok
08:24:46.0775 5120	Radio.fx        (138f7963118ec710c348819c08f72230) C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
08:24:46.0900 5120	Radio.fx - ok
08:24:47.0040 5120	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
08:24:47.0102 5120	RasAcd - ok
08:24:47.0165 5120	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
08:24:47.0227 5120	RasAgileVpn - ok
08:24:47.0274 5120	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
08:24:47.0368 5120	RasAuto - ok
08:24:47.0399 5120	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
08:24:47.0477 5120	Rasl2tp - ok
08:24:47.0555 5120	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
08:24:47.0633 5120	RasMan - ok
08:24:47.0695 5120	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
08:24:47.0758 5120	RasPppoe - ok
08:24:47.0804 5120	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
08:24:47.0882 5120	RasSstp - ok
08:24:47.0929 5120	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
08:24:47.0992 5120	rdbss - ok
08:24:48.0023 5120	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
08:24:48.0054 5120	rdpbus - ok
08:24:48.0101 5120	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
08:24:48.0163 5120	RDPCDD - ok
08:24:48.0210 5120	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
08:24:48.0272 5120	RDPENCDD - ok
08:24:48.0319 5120	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
08:24:48.0397 5120	RDPREFMP - ok
08:24:48.0460 5120	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
08:24:48.0522 5120	RDPWD - ok
08:24:48.0584 5120	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
08:24:48.0631 5120	rdyboost - ok
08:24:48.0709 5120	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
08:24:48.0787 5120	RemoteAccess - ok
08:24:48.0834 5120	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
08:24:48.0912 5120	RemoteRegistry - ok
08:24:48.0959 5120	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
08:24:49.0037 5120	RpcEptMapper - ok
08:24:49.0084 5120	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
08:24:49.0130 5120	RpcLocator - ok
08:24:49.0177 5120	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
08:24:49.0240 5120	RpcSs - ok
08:24:49.0302 5120	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
08:24:49.0396 5120	rspndr - ok
08:24:49.0458 5120	RTL8167         (05c2613f661584190c752f6184d1c8ef) C:\windows\system32\DRIVERS\Rt86win7.sys
08:24:49.0520 5120	RTL8167 - ok
08:24:49.0567 5120	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
08:24:49.0614 5120	SABI - ok
08:24:49.0708 5120	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:24:49.0739 5120	SamSs - ok
08:24:49.0801 5120	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
08:24:49.0832 5120	sbp2port - ok
08:24:49.0879 5120	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
08:24:49.0957 5120	SCardSvr - ok
08:24:50.0004 5120	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
08:24:50.0082 5120	scfilter - ok
08:24:50.0176 5120	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
08:24:50.0269 5120	Schedule - ok
08:24:50.0316 5120	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
08:24:50.0378 5120	SCPolicySvc - ok
08:24:50.0425 5120	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
08:24:50.0503 5120	SDRSVC - ok
08:24:50.0566 5120	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
08:24:50.0644 5120	secdrv - ok
08:24:50.0737 5120	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
08:24:50.0800 5120	seclogon - ok
08:24:50.0831 5120	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
08:24:50.0940 5120	SENS - ok
08:24:51.0002 5120	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
08:24:51.0049 5120	SensrSvc - ok
08:24:51.0268 5120	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
08:24:51.0299 5120	Serenum - ok
08:24:51.0377 5120	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
08:24:51.0580 5120	Serial - ok
08:24:51.0704 5120	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
08:24:51.0751 5120	sermouse - ok
08:24:51.0829 5120	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
08:24:51.0938 5120	SessionEnv - ok
08:24:52.0110 5120	sesvc           (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files\ShadowExplorer\sesvc.exe
08:24:52.0126 5120	sesvc ( UnsignedFile.Multi.Generic ) - warning
08:24:52.0126 5120	sesvc - detected UnsignedFile.Multi.Generic (1)
08:24:52.0172 5120	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
08:24:52.0266 5120	sffdisk - ok
08:24:52.0297 5120	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
08:24:52.0328 5120	sffp_mmc - ok
08:24:52.0344 5120	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
08:24:52.0391 5120	sffp_sd - ok
08:24:52.0422 5120	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
08:24:52.0500 5120	sfloppy - ok
08:24:52.0562 5120	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
08:24:52.0656 5120	SharedAccess - ok
08:24:52.0734 5120	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
08:24:52.0952 5120	ShellHWDetection - ok
08:24:53.0030 5120	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
08:24:53.0062 5120	sisagp - ok
08:24:53.0108 5120	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
08:24:53.0140 5120	SiSRaid2 - ok
08:24:53.0171 5120	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
08:24:53.0202 5120	SiSRaid4 - ok
08:24:53.0249 5120	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
08:24:53.0358 5120	Smb - ok
08:24:53.0420 5120	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
08:24:53.0483 5120	SNMPTRAP - ok
08:24:53.0514 5120	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
08:24:53.0545 5120	spldr - ok
08:24:53.0686 5120	Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
08:24:53.0764 5120	Spooler - ok
08:24:54.0091 5120	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
08:24:54.0278 5120	sppsvc - ok
08:24:54.0419 5120	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
08:24:54.0481 5120	sppuinotify - ok
08:24:54.0607 5120	SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
08:24:54.0623 5120	SQLBrowser - ok
08:24:54.0701 5120	SQLWriter       (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:24:54.0732 5120	SQLWriter - ok
08:24:54.0825 5120	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
08:24:54.0888 5120	srv - ok
08:24:54.0935 5120	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
08:24:54.0997 5120	srv2 - ok
08:24:55.0028 5120	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
08:24:55.0091 5120	srvnet - ok
08:24:55.0137 5120	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
08:24:55.0200 5120	SSDPSRV - ok
08:24:55.0231 5120	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
08:24:55.0309 5120	SstpSvc - ok
08:24:55.0465 5120	StarMoney 7.0 OnlineUpdate (e8606bf6be3b7481d95f1dd2e4f3fcba) C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
08:24:55.0512 5120	StarMoney 7.0 OnlineUpdate - ok
08:24:55.0730 5120	StarMoney 8.0 OnlineUpdate (7e784dc5c7ce2c6f3c392ad320f5f2c0) C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
08:24:55.0777 5120	StarMoney 8.0 OnlineUpdate - ok
08:24:56.0354 5120	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
08:24:56.0401 5120	stexstor - ok
08:24:56.0479 5120	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
08:24:56.0713 5120	StiSvc - ok
08:24:56.0807 5120	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
08:24:56.0838 5120	swenum - ok
08:24:56.0900 5120	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
08:24:57.0009 5120	swprv - ok
08:24:57.0087 5120	SynTP           (7a9025d8f7852b06d6d08ed536135e7e) C:\windows\system32\DRIVERS\SynTP.sys
08:24:57.0119 5120	SynTP - ok
08:24:57.0275 5120	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
08:24:57.0368 5120	SysMain - ok
08:24:57.0431 5120	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
08:24:57.0555 5120	TabletInputService - ok
08:24:57.0696 5120	TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
08:24:57.0836 5120	TapiSrv - ok
08:24:57.0883 5120	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
08:24:58.0023 5120	TBS - ok
08:24:58.0226 5120	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
08:24:58.0335 5120	Tcpip - ok
08:24:58.0741 5120	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
08:24:58.0819 5120	TCPIP6 - ok
08:24:59.0115 5120	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
08:24:59.0225 5120	tcpipreg - ok
08:24:59.0271 5120	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
08:24:59.0318 5120	TDPIPE - ok
08:24:59.0412 5120	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
08:24:59.0459 5120	TDTCP - ok
08:24:59.0505 5120	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
08:24:59.0568 5120	tdx - ok
08:24:59.0615 5120	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
08:24:59.0646 5120	TermDD - ok
08:24:59.0740 5120	TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
08:24:59.0834 5120	TermService - ok
08:24:59.0881 5120	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
08:24:59.0928 5120	Themes - ok
08:24:59.0974 5120	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
08:25:00.0052 5120	THREADORDER - ok
08:25:00.0084 5120	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
08:25:00.0177 5120	TrkWks - ok
08:25:00.0271 5120	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
08:25:00.0333 5120	TrustedInstaller - ok
08:25:00.0364 5120	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
08:25:00.0442 5120	tssecsrv - ok
08:25:00.0552 5120	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
08:25:00.0583 5120	TsUsbFlt - ok
08:25:00.0645 5120	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
08:25:00.0770 5120	tunnel - ok
08:25:00.0817 5120	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
08:25:00.0848 5120	uagp35 - ok
08:25:00.0910 5120	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
08:25:01.0066 5120	udfs - ok
08:25:01.0113 5120	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
08:25:01.0222 5120	UI0Detect - ok
08:25:01.0269 5120	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
08:25:01.0300 5120	uliagpkx - ok
08:25:01.0347 5120	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
08:25:01.0378 5120	umbus - ok
08:25:01.0410 5120	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
08:25:01.0456 5120	UmPass - ok
08:25:01.0628 5120	UMVPFSrv        (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
08:25:01.0675 5120	UMVPFSrv - ok
08:25:01.0737 5120	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
08:25:01.0831 5120	upnphost - ok
08:25:01.0893 5120	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys
08:25:01.0940 5120	usbaudio - ok
08:25:01.0987 5120	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
08:25:02.0049 5120	usbccgp - ok
08:25:02.0112 5120	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
08:25:02.0158 5120	usbcir - ok
08:25:02.0205 5120	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
08:25:02.0236 5120	usbehci - ok
08:25:02.0314 5120	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
08:25:02.0439 5120	usbhub - ok
08:25:02.0486 5120	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
08:25:02.0564 5120	usbohci - ok
08:25:02.0611 5120	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
08:25:02.0658 5120	usbprint - ok
08:25:02.0751 5120	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
08:25:02.0814 5120	usbscan - ok
08:25:02.0876 5120	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
08:25:02.0954 5120	USBSTOR - ok
08:25:03.0001 5120	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys
08:25:03.0063 5120	usbuhci - ok
08:25:03.0141 5120	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\system32\Drivers\usbvideo.sys
08:25:03.0219 5120	usbvideo - ok
08:25:03.0266 5120	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
08:25:03.0344 5120	UxSms - ok
08:25:03.0406 5120	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:25:03.0438 5120	VaultSvc - ok
08:25:03.0500 5120	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
08:25:03.0531 5120	vdrvroot - ok
08:25:03.0625 5120	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
08:25:03.0718 5120	vds - ok
08:25:03.0765 5120	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
08:25:03.0812 5120	vga - ok
08:25:03.0859 5120	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
08:25:03.0921 5120	VgaSave - ok
08:25:03.0968 5120	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
08:25:04.0015 5120	vhdmp - ok
08:25:04.0062 5120	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
08:25:04.0093 5120	viaagp - ok
08:25:04.0124 5120	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
08:25:04.0171 5120	ViaC7 - ok
08:25:04.0202 5120	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
08:25:04.0233 5120	viaide - ok
08:25:04.0249 5120	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
08:25:04.0280 5120	volmgr - ok
08:25:04.0342 5120	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
08:25:04.0374 5120	volmgrx - ok
08:25:04.0420 5120	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
08:25:04.0467 5120	volsnap - ok
08:25:04.0514 5120	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
08:25:04.0561 5120	vsmraid - ok
08:25:04.0686 5120	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
08:25:04.0795 5120	VSS - ok
08:25:04.0826 5120	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
08:25:04.0857 5120	vwifibus - ok
08:25:04.0920 5120	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
08:25:04.0966 5120	vwififlt - ok
08:25:04.0998 5120	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
08:25:05.0044 5120	vwifimp - ok
08:25:05.0091 5120	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
08:25:05.0185 5120	W32Time - ok
08:25:05.0232 5120	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
08:25:05.0278 5120	WacomPen - ok
08:25:05.0341 5120	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:25:05.0434 5120	WANARP - ok
08:25:05.0450 5120	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:25:05.0497 5120	Wanarpv6 - ok
08:25:05.0700 5120	WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
08:25:05.0778 5120	WatAdminSvc - ok
08:25:06.0027 5120	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
08:25:06.0121 5120	wbengine - ok
08:25:06.0168 5120	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
08:25:06.0230 5120	WbioSrvc - ok
08:25:06.0292 5120	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
08:25:06.0370 5120	wcncsvc - ok
08:25:06.0402 5120	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
08:25:06.0448 5120	WcsPlugInService - ok
08:25:06.0511 5120	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
08:25:06.0542 5120	Wd - ok
08:25:06.0604 5120	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
08:25:06.0651 5120	Wdf01000 - ok
08:25:06.0714 5120	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:25:06.0792 5120	WdiServiceHost - ok
08:25:06.0807 5120	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:25:06.0854 5120	WdiSystemHost - ok
08:25:06.0901 5120	WebClient       (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
08:25:06.0963 5120	WebClient - ok
08:25:07.0010 5120	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
08:25:07.0088 5120	Wecsvc - ok
08:25:07.0119 5120	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
08:25:07.0182 5120	wercplsupport - ok
08:25:07.0244 5120	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
08:25:07.0322 5120	WerSvc - ok
08:25:07.0353 5120	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
08:25:07.0416 5120	WfpLwf - ok
08:25:07.0431 5120	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
08:25:07.0462 5120	WIMMount - ok
08:25:07.0603 5120	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
08:25:07.0681 5120	WinDefend - ok
08:25:07.0712 5120	WinHttpAutoProxySvc - ok
08:25:07.0806 5120	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
08:25:07.0868 5120	Winmgmt - ok
08:25:07.0993 5120	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
08:25:08.0133 5120	WinRM - ok
08:25:08.0227 5120	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
08:25:08.0289 5120	WinUsb - ok
08:25:08.0398 5120	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
08:25:08.0461 5120	Wlansvc - ok
08:25:08.0648 5120	wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:25:08.0726 5120	wlidsvc - ok
08:25:08.0882 5120	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
08:25:08.0913 5120	WmiAcpi - ok
08:25:09.0007 5120	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
08:25:09.0085 5120	wmiApSrv - ok
08:25:09.0256 5120	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:25:09.0350 5120	WMPNetworkSvc - ok
08:25:09.0490 5120	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
08:25:09.0553 5120	WPCSvc - ok
08:25:09.0600 5120	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
08:25:09.0646 5120	WPDBusEnum - ok
08:25:09.0724 5120	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
08:25:09.0787 5120	ws2ifsl - ok
08:25:09.0818 5120	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
08:25:09.0880 5120	wscsvc - ok
08:25:09.0896 5120	WSearch - ok
08:25:10.0083 5120	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll
08:25:10.0177 5120	wuauserv - ok
08:25:10.0333 5120	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
08:25:10.0395 5120	WudfPf - ok
08:25:10.0442 5120	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
08:25:10.0504 5120	WUDFRd - ok
08:25:10.0582 5120	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
08:25:10.0645 5120	wudfsvc - ok
08:25:10.0738 5120	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
08:25:10.0801 5120	WwanSvc - ok
08:25:10.0879 5120	MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
08:25:11.0440 5120	\Device\Harddisk0\DR0 - ok
08:25:11.0456 5120	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
08:25:11.0565 5120	\Device\Harddisk1\DR1 - ok
08:25:11.0565 5120	Boot (0x1200)   (21f9a82ddeb4df9cea3b7b9da55f8f8a) \Device\Harddisk0\DR0\Partition0
08:25:11.0565 5120	\Device\Harddisk0\DR0\Partition0 - ok
08:25:11.0596 5120	Boot (0x1200)   (1cf201412f0213464cb101bf59833b11) \Device\Harddisk0\DR0\Partition1
08:25:11.0596 5120	\Device\Harddisk0\DR0\Partition1 - ok
08:25:11.0628 5120	Boot (0x1200)   (f854311fe5e56e925d2359d3706f3093) \Device\Harddisk0\DR0\Partition2
08:25:11.0643 5120	\Device\Harddisk0\DR0\Partition2 - ok
08:25:11.0643 5120	Boot (0x1200)   (3b5e81e7d305a01fcf364730bd0fe86d) \Device\Harddisk1\DR1\Partition0
08:25:11.0659 5120	\Device\Harddisk1\DR1\Partition0 - ok
08:25:11.0659 5120	============================================================
08:25:11.0659 5120	Scan finished
08:25:11.0659 5120	============================================================
08:25:11.0674 5292	Detected object count: 2
08:25:11.0674 5292	Actual detected object count: 2
08:26:04.0730 5292	C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe - copied to quarantine
08:26:04.0730 5292	EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
08:26:04.0949 5292	C:\Program Files\ShadowExplorer\sesvc.exe - copied to quarantine
08:26:04.0949 5292	sesvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
         
Leider habe ich die beiden gefundenen Files in Quarantäne gestellt anstatt sie unhebelligt zu lassen.
KastorPollux

Alt 13.07.2012, 17:03   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



ShadowExplorer und was von Epson - wirst du notfalls neu- oder nachinstallieren müssen

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________

__________________

Alt 13.07.2012, 19:18   #18
KastorPollux
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



Hallo Cosinus,
hier ist der Combofix-Logfile:
[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-13.03 - Hans 13.07.2012  18:38:40.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3005.2074 [GMT 2:00]
ausgeführt von:: c:\users\Hans\Desktop\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-13 bis 2012-07-13  ))))))))))))))))))))))))))))))
.
.
2012-07-13 16:47 . 2012-07-13 16:47	--------	d-----w-	c:\users\Ingeborg\AppData\Local\temp
2012-07-13 16:47 . 2012-07-13 16:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-13 06:26 . 2012-07-13 06:26	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-07-12 16:22 . 2012-07-12 16:22	--------	d-----w-	C:\_OTL
2012-07-12 04:10 . 2012-06-02 08:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-07-12 04:10 . 2012-06-02 09:08	140920	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-07-12 04:10 . 2012-06-02 08:22	194560	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-07-12 04:10 . 2012-06-02 08:21	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-07-12 04:10 . 2012-06-02 08:20	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-07-12 04:10 . 2012-06-02 08:33	1800192	----a-w-	c:\windows\system32\jscript9.dll
2012-07-12 04:10 . 2012-06-02 08:25	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-07-12 04:09 . 2012-06-02 09:08	748664	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2012-07-12 04:09 . 2012-06-02 08:27	678912	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-07-12 04:09 . 2012-06-02 08:26	387584	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2012-07-12 04:09 . 2012-06-02 08:25	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-07-12 04:04 . 2012-06-12 02:40	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 20:28 . 2012-07-11 20:29	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-11 20:27 . 2012-06-06 05:05	1019904	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 20:27 . 2012-06-06 05:05	352256	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 20:27 . 2012-06-06 05:03	805376	----a-w-	c:\windows\system32\cdosys.dll
2012-07-11 20:27 . 2012-06-06 05:05	57344	----a-w-	c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 20:27 . 2012-06-06 05:05	212992	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 20:27 . 2012-06-06 05:05	143360	----a-w-	c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 20:27 . 2012-06-06 05:05	372736	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 20:27 . 2012-06-06 05:05	1390080	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 20:27 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 20:27 . 2010-06-26 03:24	2048	----a-w-	c:\windows\system32\msxml3r.dll
2012-07-11 20:26 . 2012-06-02 04:40	369336	----a-w-	c:\windows\system32\drivers\cng.sys
2012-07-11 20:26 . 2012-06-02 04:45	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 20:26 . 2012-06-02 04:39	219136	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-11 20:26 . 2012-06-02 04:40	225280	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 20:26 . 2012-06-02 04:45	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-09 18:25 . 2012-07-11 13:31	--------	d-----w-	C:\TEMP
2012-07-09 18:01 . 2012-07-09 18:01	--------	d-----w-	c:\users\Hans\AppData\Roaming\JPEGsnoop
2012-07-09 17:38 . 2012-07-09 17:38	--------	d-----w-	c:\users\Hans\AppData\Roaming\www.shadowexplorer.com
2012-07-09 17:38 . 2012-07-09 17:38	--------	d-----w-	c:\program files\ShadowExplorer
2012-07-04 09:40 . 2012-07-04 09:40	--------	d-----w-	c:\program files\ESET
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\system32\msxml4.dll
2012-06-25 07:34 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-25 07:34 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-25 07:34 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-25 07:34 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-25 07:33 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-25 07:33 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-25 07:33 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-25 07:33 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-25 07:33 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-23 19:43 . 2012-06-23 19:43	--------	d-----w-	c:\users\Hans\AppData\Roaming\Malwarebytes
2012-06-23 17:37 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\system32\msi.dll
2012-06-23 17:37 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-23 17:37 . 2012-04-26 04:45	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-23 17:37 . 2012-04-26 04:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-23 17:37 . 2012-05-01 04:44	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-06-23 17:37 . 2012-04-24 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-23 17:37 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-06-23 17:37 . 2012-04-24 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-23 17:36 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-23 17:34 . 2012-06-23 17:34	--------	d-----w-	c:\users\Ingeborg\AppData\Roaming\Malwarebytes
2012-06-23 17:34 . 2012-06-23 17:34	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-23 17:34 . 2012-06-23 17:34	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-23 17:34 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 16:22 . 2012-04-28 15:49	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-13 16:22 . 2011-05-16 04:24	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-30 04:50 . 2012-05-30 04:50	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11	2872120	----a-w-	c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11	2872120	----a-w-	c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11	2872120	----a-w-	c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"ChromeFrameHelper"="c:\users\Hans\AppData\Local\Google\Chrome\Application\20.0.1132.57\chrome_frame_helper.exe" [2012-07-10 96792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ConnectionCenter"="c:\users\Hans\AppData\Local\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [x]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
S2 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [x]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [x]
S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 36018540
*Deregistered* - 36018540
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 16:22]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:34]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:34]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1008Core.job
- c:\users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 11:26]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1008UA.job
- c:\users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 11:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 78.42.43.62 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-SmartDraw VP - c:\smartd~1\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5784)
c:\program files\McAfee Online Backup\MOBKshell.dll
.
Zeit der Fertigstellung: 2012-07-13  18:49:17
ComboFix-quarantined-files.txt  2012-07-13 16:49
.
Vor Suchlauf: 10 Verzeichnis(se), 86.486.671.360 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 86.383.177.728 Bytes frei
.
- - End Of File - - E7DE66F63D9FA520E072DF46AE4EDC51
         
--- --- ---

Kann ich die TDSS quarantänisierten files nicht zurückbenennen und an den alten Ort zurückkopieren?
Vielen Dank
KastorPollux
__________________

Alt 13.07.2012, 22:41   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



Mir ist keine einfach Möglichkeit bekannt, wie man Elemente aus der TDSS-Killer-Q einfach per Knopfdruck recovern kann. Ich hoffe dafür gibt es in zukunfigen Versionen mal so eine Funktion. Bis dahin heißt es einfach die Anleitungen richtig lesen und umsetzen!

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.07.2012, 15:45   #20
KastorPollux
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



Hallo Cosinus,
Es folgen der logfile von Gmer (als Anhang) und OSAM. aswMBR ist 3 mal an derselben Stelle abgestürzt. Einen Screenshot mit der Fehlermeldung habe ich angehängt.
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:39:31 on 14.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1008Core.job" - "Google Inc." - C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1008UA.job" - "Google Inc." - C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Hans\AppData\Local\Temp\catchme.sys  (File not found)
"Citrix USB Monitor Driver" (ctxusbm) - "Citrix Systems, Inc." - C:\windows\System32\DRIVERS\ctxusbm.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"Huawei MobileBroadband USB PNP Device" (ew_hwusbdev) - ? - C:\windows\System32\DRIVERS\ew_hwusbdev.sys  (File not found)
"huawei_cdcacm" (huawei_cdcacm) - ? - C:\windows\System32\DRIVERS\ew_jucdcacm.sys  (File not found)
"huawei_enumerator" (huawei_enumerator) - ? - C:\windows\System32\DRIVERS\ew_jubusenum.sys  (File not found)
"kxdyikow" (kxdyikow) - ? - C:\Users\Hans\AppData\Local\Temp\kxdyikow.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbamswissarmy.sys
"McAfee Inc." (mfeavfk01) - ? - C:\windows\system32\drivers\mfeavfk01.sys  (File not found)
"MOBKFilter" (MOBKFilter) - "Mozy, Inc." - C:\windows\System32\DRIVERS\MOBK.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\windows\System32\Drivers\PxHelp20.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Users\Hans\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
{3EF5086B-5478-4598-A054-786C45D75692} "McInternetProtocolRoot Class" - "McAfee, Inc." - c:\progra~1\mcafee\msc\mcsniepl.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{781bca65-20ed-8f6a-368f-b523ec4f51b2} "McAfee Online Backup" - "McAfee, Inc." - C:\Program Files\McAfee Online Backup\MOBKshell.dll
{3c3f3c1a-9153-7c05-f938-622e7003894d} "McAfee Online Backup Shell-Erweiterungen" - "McAfee, Inc." - C:\Program Files\McAfee Online Backup\MOBKshell.dll
{e6ea1d7d-144e-b977-98c4-84c53c1a69d0} "McAfee Online Backup Shell-Erweiterungen Icon Overlay 2" - "McAfee, Inc." - C:\Program Files\McAfee Online Backup\MOBKshell.dll
{b4caf489-1eec-c617-49ad-8d7088598c06} "McAfee Online Backup Shell-Erweiterungen Icon Overlay 3" - "McAfee, Inc." - C:\Program Files\McAfee Online Backup\MOBKshell.dll
{AF6FB31C-95D0-4A0E-8AFE-099969D8B689} "McAfee-Depots" - "McAfee, Inc." - c:\progra~1\mcafee\mat\mcpvns.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} "Sprint.ExplorerIntegration.9" - "ABBYY" - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120624094824.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Xdtsrk )-----
"desktop.ini" - ? - C:\Users\Hans\AppData\Roaming\Xdtsrk\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ChromeFrameHelper" - "Google Inc." - "C:\Users\Hans\AppData\Local\Google\Chrome\Application\20.0.1132.57\chrome_frame_helper.exe" --startup
"OfficeSyncProcess" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Users\Hans\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
"EEventManager" - "SEIKO EPSON CORPORATION" - "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
"McPvTray_exe" - "McAfee, Inc." - "C:\Program Files\McAfee\MAT\McPvTray.exe"
"mcui_exe" - "McAfee, Inc." - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
"PMBVolumeWatcher" - "Sony Corporation" - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EpsonNet Print Port" - "SEIKO EPSON CORPORATION" - C:\windows\system32\enppmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"1%" (MOBKbackup) - "McAfee, Inc." - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
"ABBYY FineReader 9.0 Sprint Licensing Service" (ABBYY.Licensing.FineReader.Sprint.9.0) - "ABBYY" - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"EpsonBidirectionalService" (EpsonBidirectionalService) - "SEIKO EPSON CORPORATION" - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McAfee Anti-Spam Service" (MSK80Service) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
"McAfee Firewall Core Service" (mfefire) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
"McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
"McAfee Network Agent" (McNASvc) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
"McAfee Personal Firewall Service" (McMPFSvc) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
"McAfee Proxy Service" (McProxy) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
"McAfee Scanner" (McODS) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan\mcods.exe
"McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
"McAfee VirusScan Announcer" (McNaiAnn) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
"Radio.fx Server" (Radio.fx) - ? - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
"ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files\ShadowExplorer\sesvc.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
"StarMoney 8.0 OnlineUpdate" (StarMoney 8.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
Vielen Dank
KastorPollux

Miniaturansicht angehängter Grafiken
Trojan.Agent.CWIGen-screenshot.jpg  

Alt 14.07.2012, 16:56   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



zu aswMBR gab es extra ganz unten von mir deswegen einen Hinweis!
__________________
--> Trojan.Agent.CWIGen

Alt 14.07.2012, 18:56   #22
KastorPollux
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



Danke für den Hinweis,
ich dachte ich könnte lesen.
Hier folgt der LOGfile:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-14 18:48:27
-----------------------------
18:48:27.177    OS Version: Windows 6.1.7601 Service Pack 1
18:48:27.177    Number of processors: 2 586 0x170A
18:48:27.177    ComputerName: INGEBORG-PC  UserName: Hans
18:48:27.770    Initialize success
18:48:32.843    AVAST engine defs: 12071400
18:49:19.928    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:49:19.928    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
18:49:20.006    Disk 0 MBR read successfully
18:49:20.006    Disk 0 MBR scan
18:49:20.021    Disk 0 unknown MBR code
18:49:20.037    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
18:49:20.053    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
18:49:20.068    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       144890 MB offset 31664128
18:49:20.099    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        60276 MB offset 328398848
18:49:20.115    Disk 0 scanning sectors +451844096
18:49:20.177    Disk 0 scanning C:\windows\system32\drivers
18:49:32.018    Service scanning
18:50:03.156    Modules scanning
18:50:11.798    Disk 0 trace - called modules:
18:50:11.829    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
18:50:11.845    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871b6030]
18:50:11.845    3 CLASSPNP.SYS[8c40459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86341028]
18:50:11.845    Scan finished successfully
18:50:35.276    Disk 0 MBR has been saved successfully to "C:\Users\Hans\Desktop\MBR.dat"
18:50:35.292    The log file has been saved successfully to "C:\Users\Hans\Desktop\aswMBR.txt"
         
Danke
KastorPollux

Alt 14.07.2012, 22:45   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast


Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.07.2012, 10:08   #24
KastorPollux
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



Hallo Cosinus,
hier folgt das LOG:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-15 09:51:14
-----------------------------
09:51:14.739    OS Version: Windows 6.1.7601 Service Pack 1
09:51:14.739    Number of processors: 2 586 0x170A
09:51:14.754    ComputerName: INGEBORG-PC  UserName: Hans
09:51:16.143    Initialize success
09:51:24.504    AVAST engine defs: 12071400
09:51:37.405    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:51:37.405    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
09:51:37.452    Disk 0 MBR read successfully
09:51:37.452    Disk 0 MBR scan
09:51:37.467    Disk 0 Windows 7 default MBR code
09:51:37.483    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
09:51:37.514    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
09:51:37.530    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       144890 MB offset 31664128
09:51:37.577    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        60276 MB offset 328398848
09:51:37.592    Disk 0 scanning sectors +451844096
09:51:37.701    Disk 0 scanning C:\windows\system32\drivers
09:51:53.475    Service scanning
09:52:31.509    Modules scanning
09:52:42.336    Disk 0 trace - called modules:
09:52:42.367    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
09:52:42.383    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871b77f0]
09:52:42.383    3 CLASSPNP.SYS[8c6ef59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86342028]
09:52:42.399    Scan finished successfully
09:53:32.272    Disk 0 MBR has been saved successfully to "C:\Users\Hans\Desktop\MBR.dat"
09:53:32.288    The log file has been saved successfully to "C:\Users\Hans\Desktop\aswMBR2.txt"
         
Danke
KastorPollux

Alt 15.07.2012, 17:54   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.07.2012, 22:44   #26
KastorPollux
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



Hallo Cosinus,
hier sind ide beiden LOGS:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Hans :: INGEBORG-PC [Administrator]

15.07.2012 18:41:29
mbam-log-2012-07-15 (18-41-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 386644
Laufzeit: 1 Stunde(n), 40 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/15/2012 at 10:26 PM

Application Version : 5.5.1006

Core Rules Database Version : 8902
Trace Rules Database Version: 6714

Scan type       : Complete Scan
Total Scan Time : 01:27:33

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 882
Memory threats detected   : 0
Registry items scanned    : 37555
Registry threats detected : 0
File items scanned        : 138600
File threats detected     : 295

Adware.Tracking Cookie
	C:\USERS\HANS\AppData\Roaming\Microsoft\Windows\Cookies\Low\W5DDCSIF.txt [ Cookie:hans@www.google.de/accounts ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\OL6E3XXR.txt [ Cookie:ingeborg@c.atdmt.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\ingeborg@content.yieldmanager[1].txt [ Cookie:ingeborg@content.yieldmanager.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\ingeborg@wasistsocialmedia[1].txt [ Cookie:ingeborg@wasistsocialmedia.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@tracking.hannoversche[1].txt [ Cookie:ingeborg@tracking.hannoversche.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\X5IX4DAL.txt [ Cookie:ingeborg@doubleclick.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\PMMMZ09I.txt [ Cookie:ingeborg@interclick.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@mediamarkt[2].txt [ Cookie:ingeborg@mediamarkt.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@ad2.adfarm1.adition[1].txt [ Cookie:ingeborg@ad2.adfarm1.adition.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZWZY1PBZ.txt [ Cookie:ingeborg@zanox-affiliate.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@vodafonegroup.122.2o7[1].txt [ Cookie:ingeborg@vodafonegroup.122.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@rotator.adjuggler[2].txt [ Cookie:ingeborg@rotator.adjuggler.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\U3KXTB6O.txt [ Cookie:ingeborg@media6degrees.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@swrmediathek[2].txt [ Cookie:ingeborg@swrmediathek.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@ads.pointroll[1].txt [ Cookie:ingeborg@ads.pointroll.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@e-2dj6whk4kpd5igp.stats.esomniture[2].txt [ Cookie:ingeborg@e-2dj6whk4kpd5igp.stats.esomniture.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\N4A2SCW3.txt [ Cookie:ingeborg@track.effiliation.com/servlet/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@adbrite[2].txt [ Cookie:ingeborg@adbrite.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\JCV8OELI.txt [ Cookie:ingeborg@ad2.adfarm1.adition.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@www.piloh[1].txt [ Cookie:ingeborg@www.piloh.de/stats/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\WZ0FRR2M.txt [ Cookie:ingeborg@adfarm1.adition.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\DNNUBB6T.txt [ Cookie:ingeborg@google.com/accounts/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZBF1HAXD.txt [ Cookie:ingeborg@fastclick.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\F04Q6XNL.txt [ Cookie:ingeborg@tracking.mindshare.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\JM17ZN1I.txt [ Cookie:ingeborg@tradedoubler.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\CLYC46H7.txt [ Cookie:ingeborg@stat.dealtime.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@clkads[3].txt [ Cookie:ingeborg@clkads.com/adServe/static/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@collective-media[1].txt [ Cookie:ingeborg@collective-media.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\WIKFNZYG.txt [ Cookie:ingeborg@apmebf.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@pointroll[2].txt [ Cookie:ingeborg@pointroll.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@de.sitestat[1].txt [ Cookie:ingeborg@de.sitestat.com/sport1/sport1-de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\LUNT2I62.txt [ Cookie:ingeborg@ad4.adfarm1.adition.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\GUSL4C7K.txt [ Cookie:ingeborg@traffictrack.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@chitika[2].txt [ Cookie:ingeborg@chitika.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\P7GM4CSL.txt [ Cookie:ingeborg@smartadserver.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\DJKVAPV2.txt [ Cookie:ingeborg@statse.webtrendslive.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\RB6GOKYR.txt [ Cookie:ingeborg@imrworldwide.com/cgi-bin ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@ad.adnet[1].txt [ Cookie:ingeborg@ad.adnet.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\O1YKV2QV.txt [ Cookie:ingeborg@eas.apm.emediate.eu/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@stats.paypal[2].txt [ Cookie:ingeborg@stats.paypal.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@microsoftinternetexplorer.112.2o7[1].txt [ Cookie:ingeborg@microsoftinternetexplorer.112.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\UIMR7O4C.txt [ Cookie:ingeborg@paypal.112.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@ads.quartermedia[2].txt [ Cookie:ingeborg@ads.quartermedia.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@adx.chip[2].txt [ Cookie:ingeborg@adx.chip.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\TYVVVULH.txt [ Cookie:ingeborg@webmasterplan.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\2YJ9N8MG.txt [ Cookie:ingeborg@www.active-tracking.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@ru4[1].txt [ Cookie:ingeborg@ru4.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@www.brands4friends[3].txt [ Cookie:ingeborg@www.brands4friends.de/account/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@cmpmedica.112.2o7[1].txt [ Cookie:ingeborg@cmpmedica.112.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\98NTAK5J.txt [ Cookie:ingeborg@serving-sys.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\K4Q7OL3U.txt [ Cookie:ingeborg@ad.zanox.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ILFY3F1H.txt [ Cookie:ingeborg@invitemedia.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@srbg[2].txt [ Cookie:ingeborg@srbg.de/stats/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@zieltrack[1].txt [ Cookie:ingeborg@zieltrack.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@asco.122.2o7[1].txt [ Cookie:ingeborg@asco.122.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@cdn5.specificclick[1].txt [ Cookie:ingeborg@cdn5.specificclick.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\7K5RT0A9.txt [ Cookie:ingeborg@tomtailor.dyntracker.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\GLVWD0TN.txt [ Cookie:ingeborg@im.banner.t-online.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@e-2dj6wjmysjajihp.stats.esomniture[2].txt [ Cookie:ingeborg@e-2dj6wjmysjajihp.stats.esomniture.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@adlegend[2].txt [ Cookie:ingeborg@adlegend.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@tripod[2].txt [ Cookie:ingeborg@tripod.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@c.gigcount[1].txt [ Cookie:ingeborg@c.gigcount.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\P7ZB50K6.txt [ Cookie:ingeborg@pg2.solution.weborama.fr/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\0ENBU791.txt [ Cookie:ingeborg@adtech.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\724UYAMB.txt [ Cookie:ingeborg@revsci.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@rw.motorpresse-statistik[1].txt [ Cookie:ingeborg@rw.motorpresse-statistik.de/track/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\IFGKWGWH.txt [ Cookie:ingeborg@de.at.atwola.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\5HJHFH1J.txt [ Cookie:ingeborg@track.adform.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\311841DS.txt [ Cookie:ingeborg@stat.onestat.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@revsci[1].txt [ Cookie:ingeborg@revsci.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@pro-market[2].txt [ Cookie:ingeborg@pro-market.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@revenue[2].txt [ Cookie:ingeborg@revenue.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@microsoftsto.112.2o7[1].txt [ Cookie:ingeborg@microsoftsto.112.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@bizrate[3].txt [ Cookie:ingeborg@bizrate.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\H6J0GBB9.txt [ Cookie:ingeborg@wm.wiredminds.de/track/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\S3CO18M3.txt [ Cookie:ingeborg@ad1.adfarm1.adition.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\M3QTJWBN.txt [ Cookie:ingeborg@ad.dyntracker.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@liveperson[3].txt [ Cookie:ingeborg@liveperson.net/hc/LPneimanmarcus ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\VRPB6AYT.txt [ Cookie:ingeborg@adform.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@sleep-tracker[2].txt [ Cookie:ingeborg@sleep-tracker.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@w00tpublishers.wootmedia[1].txt [ Cookie:ingeborg@w00tpublishers.wootmedia.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@tracking.klicktel[2].txt [ Cookie:ingeborg@tracking.klicktel.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@s3.trafficmaxx[1].txt [ Cookie:ingeborg@s3.trafficmaxx.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@www.zieltracker[2].txt [ Cookie:ingeborg@www.zieltracker.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\EKDTIDNZ.txt [ Cookie:ingeborg@tracking.quisma.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@de.sitestat[2].txt [ Cookie:ingeborg@de.sitestat.com/sport1/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@www1.addfreestats[1].txt [ Cookie:ingeborg@www1.addfreestats.com/cgi-bin ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@nextag[1].txt [ Cookie:ingeborg@nextag.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@de.sitestat[3].txt [ Cookie:ingeborg@de.sitestat.com/sueddeutsche/sueddeutsche/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@himedia.individuad[2].txt [ Cookie:ingeborg@himedia.individuad.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\MFY0ROX4.txt [ Cookie:ingeborg@amazon-adsystem.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@dealtime[1].txt [ Cookie:ingeborg@dealtime.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\PR19NEK4.txt [ Cookie:ingeborg@lucidmedia.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@clicks.pangora[2].txt [ Cookie:ingeborg@clicks.pangora.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@wasistsocialmedia[1].txt [ Cookie:ingeborg@wasistsocialmedia.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@de.sitestat[4].txt [ Cookie:ingeborg@de.sitestat.com/is24/is24/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\VUXY79NG.txt [ Cookie:ingeborg@content.yieldmanager.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@fantasystats[1].txt [ Cookie:ingeborg@fantasystats.info/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@microsoftwindows.112.2o7[1].txt [ Cookie:ingeborg@microsoftwindows.112.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@keyword-advertising.web[1].txt [ Cookie:ingeborg@keyword-advertising.web.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@microsoftmachinetranslation.112.2o7[1].txt [ Cookie:ingeborg@microsoftmachinetranslation.112.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\4PWA1GYY.txt [ Cookie:ingeborg@accounts.google.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\R9SJ2CFV.txt [ Cookie:ingeborg@yieldmanager.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\6RRD077S.txt [ Cookie:ingeborg@frontlinegmbh.122.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@de.sitestat[7].txt [ Cookie:ingeborg@de.sitestat.com/ing-diba/de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@ad.adition[2].txt [ Cookie:ingeborg@ad.adition.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\XOA1MURA.txt [ Cookie:ingeborg@yadro.ru/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@adxpose[2].txt [ Cookie:ingeborg@adxpose.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\B9AKUKSC.txt [ Cookie:ingeborg@horyzon-media.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\B0F0JU7C.txt [ Cookie:ingeborg@forexyard.advertserve.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\FNXVVI39.txt [ Cookie:ingeborg@www.google.de/accounts ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@anrtx.tacoda[1].txt [ Cookie:ingeborg@anrtx.tacoda.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ANMW0KCP.txt [ Cookie:ingeborg@tracker.citizenhawk.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\SJSY8DCA.txt [ Cookie:ingeborg@estat.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\T734NYAJ.txt [ Cookie:ingeborg@histats.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@ad.adserver01[1].txt [ Cookie:ingeborg@ad.adserver01.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\0M2CBYJW.txt [ Cookie:ingeborg@www.burstnet.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\P06W0H5L.txt [ Cookie:ingeborg@e-2dj6aelosjc5ccp.stats.esomniture.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\F84DQIBL.txt [ Cookie:ingeborg@www.zanox-affiliate.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZNPP1K16.txt [ Cookie:ingeborg@bestwestern.solution.weborama.fr/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\5BASS1ZV.txt [ Cookie:ingeborg@track.webtrekk.de/565556556123999/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\U8MQNQRF.txt [ Cookie:ingeborg@deutschepostag.112.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\EA92MCUY.txt [ Cookie:ingeborg@studivz.adfarm1.adition.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\YOYZNXRH.txt [ Cookie:ingeborg@eyewonder.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\AWS255T1.txt [ Cookie:ingeborg@at.atwola.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\97YNQJFT.txt [ Cookie:ingeborg@ar.atwola.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\X9JY76RR.txt [ Cookie:ingeborg@guj.122.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\LQIDO06Y.txt [ Cookie:ingeborg@kantarmedia.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\JEOLS65D.txt [ Cookie:ingeborg@www.google.com/settings/ads/preferences/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@de.sitestat[10].txt [ Cookie:ingeborg@de.sitestat.com/ndr/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\4T6M281Q.txt [ Cookie:ingeborg@uk.at.atwola.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\EVH71VZ7.txt [ Cookie:ingeborg@unitymedia.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@insightexpressai[1].txt [ Cookie:ingeborg@insightexpressai.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@webstats.usz[1].txt [ Cookie:ingeborg@webstats.usz.ch/dcskr604d100008yvtp08umg1_4m8p ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\O5FEZYL2.txt [ Cookie:ingeborg@labelfinder.style.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\R6I8B94H.txt [ Cookie:ingeborg@eas4.emediate.eu/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@ads.mikinimedia[1].txt [ Cookie:ingeborg@ads.mikinimedia.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\TVZI0TT5.txt [ Cookie:ingeborg@www.google.com/accounts ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\5RDO2H2K.txt [ Cookie:ingeborg@e-2dj6wnkoglajsgo.stats.esomniture.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@de.sitestat[8].txt [ Cookie:ingeborg@de.sitestat.com/sueddeutscher/stuttgarter-zeitung/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\39U7KU8K.txt [ Cookie:ingeborg@www4.smartadserver.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\84NVPLFF.txt [ Cookie:ingeborg@specificclick.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ME44MQCE.txt [ Cookie:ingeborg@www.googleadservices.com/pagead/conversion/1070624563/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\6Q0HORN6.txt [ Cookie:ingeborg@conrad.122.2o7.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\ingeborg@liveperson[1].txt [ Cookie:ingeborg@liveperson.net/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\11A8XT9V.txt [ Cookie:ingeborg@moviepilot.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z6BPVIO1.txt [ Cookie:ingeborg@adserver.kino-zeit.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\EI00H0S3.txt [ Cookie:ingeborg@www.moviepilot.de/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\WBMHSFJK.txt [ Cookie:ingeborg@liveperson.net/hc/10599399 ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\TPHCTS7S.txt [ Cookie:ingeborg@bs.serving-sys.com/ ]
	C:\USERS\INGEBORG\AppData\Roaming\Microsoft\Windows\Cookies\Low\L5BAH08O.txt [ Cookie:ingeborg@ww251.smartadserver.com/ ]
	C:\USERS\INGEBORG\Cookies\OL6E3XXR.txt [ Cookie:ingeborg@c.atdmt.com/ ]
	C:\USERS\INGEBORG\Cookies\ingeborg@content.yieldmanager[1].txt [ Cookie:ingeborg@content.yieldmanager.com/ ]
	C:\USERS\INGEBORG\Cookies\ingeborg@wasistsocialmedia[1].txt [ Cookie:ingeborg@wasistsocialmedia.de/ ]
	.doubleclick.net [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad1.adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tradefx.advertserve.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad3.adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad2.adfarm1.adition.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.counter-go.de [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.adserver01.de [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.mlsat02.de [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.specificclick.net [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adviva.net [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\HANS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADVIVA[1].TXT [ /ADVIVA ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AD4.ADFARM1.ADITION[2].TXT [ /AD4.ADFARM1.ADITION ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ATDMT[2].TXT [ /ATDMT ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADBRITE[1].TXT [ /ADBRITE ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AT.ATWOLA[2].TXT [ /AT.ATWOLA ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@IM.BANNER.T-ONLINE[2].TXT [ /IM.BANNER.T-ONLINE ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@MEDIAMARKT[2].TXT [ /MEDIAMARKT ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@WWW.GOOGLEADSERVICES[1].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ATDMT[1].TXT [ /ATDMT ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADXPOSE[1].TXT [ /ADXPOSE ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@ADVERTISING[1].TXT [ /ADVERTISING ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@REVSCI[2].TXT [ /REVSCI ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AD1.ADFARM1.ADITION[2].TXT [ /AD1.ADFARM1.ADITION ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@TACODA.AT.ATWOLA[2].TXT [ /TACODA.AT.ATWOLA ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@DE.AT.ATWOLA[1].TXT [ /DE.AT.ATWOLA ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@EAS.APM.EMEDIATE[2].TXT [ /EAS.APM.EMEDIATE ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@FASTCLICK[1].TXT [ /FASTCLICK ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
	C:\USERS\HANS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HANS@XITI[1].TXT [ /XITI ]
	.apmebf.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad1.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad3.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tradefx.advertserve.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adform.net [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad2.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\INGEBORG\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\INGEBORG@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\INGEBORG@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\INGEBORG@AD.YIELDMANAGER[3].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\INGEBORG@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@SONYEUROPE.112.2O7[1].TXT [ /SONYEUROPE.112.2O7 ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@XITI[2].TXT [ /XITI ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@BIZRATE[1].TXT [ /BIZRATE ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@AD.WEB.BAZ[1].TXT [ /AD.WEB.BAZ ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADSERVER.YOPI[1].TXT [ /ADSERVER.YOPI ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@DATA.COREMETRICS[1].TXT [ /DATA.COREMETRICS ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@XITI[1].TXT [ /XITI ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ICE.112.2O7[1].TXT [ /ICE.112.2O7 ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@SERVE.ADVERTONIC[2].TXT [ /SERVE.ADVERTONIC ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.MYSWITZERLAND[1].TXT [ /ADS.MYSWITZERLAND ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@TRACK.EFFILIATION[1].TXT [ /TRACK.EFFILIATION ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@SERVING-SYS[2].TXT [ /SERVING-SYS ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@WWW.GOOGLEADSERVICES[9].TXT [ /WWW.GOOGLEADSERVICES ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ATDMT[3].TXT [ /ATDMT ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@REALMEDIA[1].TXT [ /REALMEDIA ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADECN[1].TXT [ /ADECN ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADVERTISING[1].TXT [ /ADVERTISING ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@KABELBW.112.2O7[1].TXT [ /KABELBW.112.2O7 ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ZBOX.ZANOX[2].TXT [ /ZBOX.ZANOX ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@APMEBF[2].TXT [ /APMEBF ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.PUBMATIC[2].TXT [ /ADS.PUBMATIC ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@CASALEMEDIA[2].TXT [ /CASALEMEDIA ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@EHG-ARTNETWORLDWIDE.HITBOX[2].TXT [ /EHG-ARTNETWORLDWIDE.HITBOX ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.AD4GAME[2].TXT [ /ADS.AD4GAME ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@RAINBOWMEDIA.122.2O7[1].TXT [ /RAINBOWMEDIA.122.2O7 ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@WEBSTATS.USZ[3].TXT [ /WEBSTATS.USZ ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@GENERALTRACKING[1].TXT [ /GENERALTRACKING ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@AD2.ADFARM1.ADITION[2].TXT [ /AD2.ADFARM1.ADITION ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@CLICKBANK[1].TXT [ /CLICKBANK ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@TRACKER.ISSUU[1].TXT [ /TRACKER.ISSUU ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ATDMT[1].TXT [ /ATDMT ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.123RECHT[1].TXT [ /ADS.123RECHT ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@NEXTAG[2].TXT [ /NEXTAG ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ZEDO[2].TXT [ /ZEDO ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@HITBOX[2].TXT [ /HITBOX ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@ADS.IMMOBILIENSCOUT24[1].TXT [ /ADS.IMMOBILIENSCOUT24 ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@TRACK.OZONION[1].TXT [ /TRACK.OZONION ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@CONTENT.YIELDMANAGER[4].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@GENENTECH.122.2O7[1].TXT [ /GENENTECH.122.2O7 ]
	C:\USERS\INGEBORG\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\INGEBORG@TRIBALFUSION[1].TXT [ /TRIBALFUSION ]
         
Vielen Dank
KastorPollux

Alt 16.07.2012, 15:36   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan.Agent.CWIGen - Standard

Trojan.Agent.CWIGen



Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Trojan.Agent.CWIGen
administrator, anti-malware, anweisung, appdata, autostart, dateien, dateisystem, entschlüsseln, erfolgreich, erhalte, explorer, folge, folgende, gelöscht, heuristiks/extra, heuristiks/shuriken, logfile, malwarebytes, minute, quarantäne, rechner, registrierung, roaming, schlüsseln, service, speicher, temp, trojan.agent.cwigen, version



Ähnliche Themen: Trojan.Agent.CWIGen


  1. trojan.agent/Gen-frauder und trojan.agent/Gen-Reputation gefunden
    Log-Analyse und Auswertung - 02.11.2013 (10)
  2. WinXp Trojan.Agent/Gen-Reputation Stolen.Data Trojan.Agent/Gen-DunDun Win32/Spy.Banker.YPK trojan
    Log-Analyse und Auswertung - 29.10.2013 (7)
  3. Trojan.Ransom.ED, Trojan.Agent.ED, Trojan.FakeMS.PRGen und Bublik b. durch Email erhalten?
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (29)
  4. Bublik b.; Trojan.Ransom.ED; Trojan.Agent.ED und Trojan.FakeMS.PRGen in Email?
    Mülltonne - 28.03.2013 (0)
  5. Vista: Trojan.Ransom.Gen; Trojan.0Access; Trojan.Agent; Firewall inaktiv
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (3)
  6. Win.Trojan.Agent-228583, Win.Trojan.Expiro-1161 und Win.Trojan.Agent-232649
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (8)
  7. Trojan.Fakesmoke, Trojan.Agent-128337, Trojan.Agent-128287 bei Desinfect 2012 (Clam AV)
    Log-Analyse und Auswertung - 06.02.2013 (17)
  8. Trojaner gefunden: Win 32:Patcher [Trj], Win.Trojan.Agent-36124, Win.Trojan.Agent-44393
    Log-Analyse und Auswertung - 02.02.2013 (7)
  9. TR/ATRAPS.Gen und TR/Kazy durch Antivir gemeldet; ferner Trojan.Agent.MRGGen, Trojan.0Access, Trojan.Dropper.BCMiner
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (10)
  10. Trojan.Downloader, Trojan.Agent.VGENX, Trojan.Agent, PUP.Pantsoff.PasswordFinder, TR/spy.banker.gen5
    Log-Analyse und Auswertung - 27.10.2012 (1)
  11. Wohl mehrere Viren: Rootkit.0Access Trojan.Zaccess Trojan.RansomP.Gen Trojan.Agent bzw. TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (13)
  12. Trojan.Apppatch,Trojan.Agent.BVXGen und Trojan.Midhos in C:\Users\inet-kid\AppData,TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 13.09.2012 (35)
  13. Trojan.Agent, Backdoor.Agent, Trojan.Banker > 10 Trojaner auf einem PC
    Log-Analyse und Auswertung - 22.07.2012 (0)
  14. EXP/2008-5353.AO TR/Kazy.80527.3 Trojan.BT.Soft.Gen Trojan.Banker Trojan.Agent
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (5)
  15. Trojan.Agent, Trojan.FakeAltert, Trojan.Hiloti.Gen gefunden und gelöscht,aber wirklich weg?
    Log-Analyse und Auswertung - 27.04.2011 (11)
  16. Trojan.BHO, Spyware.Passwords.XGen, Trojan.Dropper und Trojan.Agent mit Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.12.2010 (9)
  17. Diverse Trojaner vom Typ Trojan.Rodecap, Trojan.Dropper und Trojan.Agent! Brauche dringend Hilfe!
    Log-Analyse und Auswertung - 09.08.2010 (16)

Zum Thema Trojan.Agent.CWIGen - Hallo Cosinus, hier das TDSS Log: Code: Alles auswählen Aufklappen ATTFilter 08:23:34.0412 4852 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 08:23:34.0475 4852 ============================================================ 08:23:34.0475 4852 Current date / - Trojan.Agent.CWIGen...
Archiv
Du betrachtest: Trojan.Agent.CWIGen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.