Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Gema.exe win7 64 bit (https://www.trojaner-board.de/111198-gema-exe-win7-64-bit.html)

blök 09.03.2012 19:45
Gema.exe win7 64 bit
 
Hallo,
mein Onkel hat mich gebeten ihm seinen Rechner von diesem gema virus zu befreien. Dieses hatte ursprünglich nur einen nicht-administrator account befallen und diese zahlungsaufforderung verursacht, wurde aber wohl von security essentials so gut bekämpft, dass ich davon nichts mehr gesehen habe.

Ich habe mit einer sophos boot cd den computer gescannt wobei auch das virus gema.exe gefunden wurde. Das Virus habe ich nicht aber nicht löschen lassen, da das die auswertung und bekämpfung wohl behindern würde.

Security essentials hat das virus in Kategorie: Trojaner


file:C:\ProgramData\gema\gema.exe gefunden und wohl auch schon leider entfernt.

Diese dds.txt datei (und alle weiteren auch) wurde(n) vor der Entfernung erstellt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Scheff at 19:17:20 on 2012-03-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.6790 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Windows\LockStatusTray.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [AVMUSBFernanschluss] "C:\Users\Scheff\AppData\Local\Apps\2.0\A1G766T8.K0X\ZGQAQGYR.MO6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [LockStatusTray] C:\Windows\LockStatusTray.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7464BC37-E60E-43FB-9207-E8CA2F26C292} : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [LockStatusTray] C:\Windows\LockStatusTray.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Scheff\AppData\Roaming\Mozilla\Firefox\Profiles\298wmpqu.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\system32\DRIVERS\vsflt53.sys --> C:\Windows\system32\DRIVERS\vsflt53.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-23 2655768]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 avmaudio;AVM Audio;C:\Windows\system32\DRIVERS\avmaudio.sys --> C:\Windows\system32\DRIVERS\avmaudio.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/02/03 22:24:26;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-8-11 248304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-2-1 25072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-09 10:19:00 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{357B5442-62F0-4DA9-8565-FEA63FF04EDA}\mpengine.dll
2012-03-09 10:08:59 -------- d-----w- C:\Users\Scheff\AppData\Local\{84D0CECF-CF0A-4036-B08A-56803A319EC9}
2012-03-09 10:08:49 -------- d-----w- C:\Users\Scheff\AppData\Local\{1A9DC001-B61E-47F6-A256-465ABB050112}
2012-03-06 19:46:13 -------- d-----w- C:\Users\Scheff\AppData\Local\{5417E114-2436-4A90-BA37-B0E2BF7E651A}
2012-03-06 19:46:03 -------- d-----w- C:\Users\Scheff\AppData\Local\{BE60CAF9-6181-4B3F-81F5-7475F9556B31}
2012-03-06 17:02:36 -------- d-----w- C:\Users\Scheff\AppData\Local\{05D2E33B-C0AF-4BE1-8B1A-F9697BEF4F18}
2012-03-06 15:56:53 -------- d-----w- C:\Users\Scheff\AppData\Local\{B011DC50-E411-444E-8A92-2600B521832F}
2012-03-06 15:47:14 -------- d-----w- C:\ProgramData\gema
2012-02-17 09:40:21 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-17 09:40:21 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-17 09:40:19 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-17 09:40:19 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-17 09:40:18 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-17 09:40:18 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-17 09:40:15 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-17 09:40:15 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-16 08:20:07 -------- d-----w- C:\Users\Scheff\AppData\Local\{9D3FB026-E5F1-48DD-9EAF-5E98DF6BC36B}
2012-02-16 08:19:56 -------- d-----w- C:\Users\Scheff\AppData\Local\{78701BAB-557C-4CAB-A630-B210F44B9FF6}
2012-02-15 15:38:33 -------- d-----w- C:\Program Files\Dell Support Center
2012-02-15 15:35:01 -------- d-----w- C:\Users\Scheff\AppData\Local\{269CB1BC-A794-4249-81D6-C833703F7938}
2012-02-15 15:34:50 -------- d-----w- C:\Users\Scheff\AppData\Local\{D543CA0C-717B-42CB-9454-A6BB1C5315D8}
2012-02-10 17:13:48 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D2C45D37-AA82-4968-8E82-7912897AAC5D}\gapaengine.dll
.
==================== Find3M ====================
.
2012-02-19 16:43:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 21:32:09 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-02-03 21:32:09 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-02-03 21:32:08 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:17:29,48 ===============

Liebe Grüße,http://www.trojaner-board.de/images/...ankeschoen.gif
blök

cosinus 12.03.2012 16:02
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

blök 27.03.2012 21:04
Hallo cosinus,

ich hatte bisschen was zu tun, darum kam ich erst jetzt zum posten der Scans:

Malwarebytes:

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: DESKTOP [Administrator]

Schutz: Aktiviert

17.03.2012 21:17:08
mbam-log-2012-03-17 (21-17-08).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 378192
Laufzeit: 25 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Hier der Eset Bericht:

Code:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aa6b86bdc983114db86724aa36e2616c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-17 09:32:07
# local_time=2012-03-17 10:32:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 20514736 83647486 0 0
# compatibility_mode=8192 67108863 100 0 3856 3856 0 0
# scanned=143264
# found=0
# cleaned=0
# scan_time=2291
Sophos antivirus Boot Cd hat auch nichts mehr gefunden. Ist das System jetzt Viren/Trojaner-frei?:dankeschoen:
Vielen Dank für die Mühe!

Blök

cosinus 27.03.2012 21:22
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

blök 28.03.2012 15:16
Hallo cosinus,

auf dem Rechner war vorher kein entsprechendes Programm installiert. und es gibt auch keine Logs.

blök

cosinus 28.03.2012 15:18
Hm dann hat MSE wohl doch alles gut entfernt :D

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

blök 28.03.2012 22:01
Hallo Arne,

hier das Ergebnis des OTL scans:

Code:
OTL Logfile:

       
Code:

       
OTL logfile created on: 28.03.2012 22:47:17 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,60% Memory free
15,96 Gb Paging File | 14,33 Gb Available in Paging File | 89,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 383,98 Gb Total Space | 333,70 Gb Free Space | 86,91% Space Free | Partition Type: NTFS
Drive D: | 1000,00 Gb Total Space | 842,00 Gb Free Space | 84,20% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 405,38 Gb Free Space | 87,04% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
PRC - C:\Users\Admin\AppData\Local\Apps\2.0\A1G766T8.K0X\ZGQAQGYR.MO6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Windows\LockStatusTray.exe (Logitech, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\35b997b2652f8f564b062e6a6e59055f\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll ()
MOD - C:\Users\Admin\AppData\Local\Apps\2.0\A1G766T8.K0X\ZGQAQGYR.MO6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (BrcmMgmtAgent) -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (vidsflt53) Acronis Disk Storage Filter (53) -- C:\Windows\SysNative\drivers\vsflt53.sys (Acronis)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1445623826-1914525768-99944756-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-1445623826-1914525768-99944756-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1445623826-1914525768-99944756-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1445623826-1914525768-99944756-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1445623826-1914525768-99944756-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.03 20:27:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.07.26 11:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.03.17 22:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\298wmpqu.default\extensions
[2012.03.27 21:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.27 21:55:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\Admin\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\298WMPQU.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2012.02.03 20:27:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.03 20:27:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 20:27:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.03 20:27:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.03 20:27:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 20:27:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 20:27:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [LockStatusTray] C:\Windows\LockStatusTray.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1445623826-1914525768-99944756-1001..\Run: [AVMUSBFernanschluss] C:\Users\Admin\AppData\Local\Apps\2.0\A1G766T8.K0X\ZGQAQGYR.MO6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-1445623826-1914525768-99944756-1001..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7464BC37-E60E-43FB-9207-E8CA2F26C292}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.aacacm - AACACM.acm (fccHandler)
Drivers32:64bit: msacm.ac3acm - ac3acm.acm (fccHandler)
Drivers32:64bit: msacm.ac3filter - ac3filter.acm ()
Drivers32:64bit: msacm.avis - ff_acm.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.l3pacm - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.lameacm - lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32:64bit: vidc.x264 - x264vfw.dll ()
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.aacacm - C:\Windows\SysWow64\AACACM.acm (fccHandler)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3pacm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://lame.sourceforge.net/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: vidc.x264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 22:43:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{46A2CD4B-9011-4778-9CB9-FA86086D4B7B}
[2012.03.27 21:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.27 21:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.03.27 21:45:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C5A3FC8E-150D-4F70-A339-C4B5209ABA45}
[2012.03.27 21:45:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{60F2D7C7-6C1A-4AEC-8889-4C848879894A}
[2012.03.17 22:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.17 22:48:42 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2012.03.17 22:14:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.03.17 22:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.17 22:13:55 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.17 22:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.17 22:08:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5E5FEAD0-F3C5-4CC3-AD17-7DAF424E7979}
[2012.03.17 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4A7CB5C0-C1CF-4B16-AB2A-D9DA3927B264}
[2012.03.09 12:08:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{84D0CECF-CF0A-4036-B08A-56803A319EC9}
[2012.03.09 12:08:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1A9DC001-B61E-47F6-A256-465ABB050112}
[2012.03.06 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5417E114-2436-4A90-BA37-B0E2BF7E651A}
[2012.03.06 21:46:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BE60CAF9-6181-4B3F-81F5-7475F9556B31}
[2012.03.06 19:02:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{05D2E33B-C0AF-4BE1-8B1A-F9697BEF4F18}
[2012.03.06 17:56:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B011DC50-E411-444E-8A92-2600B521832F}
[2012.03.06 17:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\gema
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.28 22:49:41 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 22:49:41 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 22:49:34 | 001,505,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.28 22:49:34 | 000,656,250 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.28 22:49:34 | 000,618,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.28 22:49:34 | 000,131,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.28 22:49:34 | 000,107,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.28 22:42:34 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.03.28 22:42:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.28 22:42:20 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.27 21:28:02 | 000,354,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.17 22:48:51 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2012.03.17 22:13:57 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.09 20:12:12 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.03.06 18:50:30 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
 
========== Files Created - No Company Name ==========
 
[2012.03.17 22:13:57 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.09 20:12:12 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2011.07.23 19:44:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.23 17:17:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.23 17:17:43 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.23 16:53:20 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.03 22:48:42 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.06.20 07:10:44 | 003,888,128 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011.06.17 09:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.06.17 09:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.04.11 19:09:18 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.04 17:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== LOP Check ==========
 
[2011.07.23 18:15:17 | 000,000,000 | ---D | M] -- C:\Users\Benutzer2\AppData\Roaming\Windows Live Writer
[2011.07.23 20:17:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Acronis
[2011.12.20 19:45:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GARMIN
[2012.01.20 16:37:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PCDr
[2011.07.23 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Shark007
[2011.07.23 20:06:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Win7codecs
[2011.07.25 11:26:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2011.07.23 17:27:24 | 000,000,000 | ---D | M] -- C:\Users\Benutzer1\AppData\Roaming\BACS.exe
[2012.03.09 13:05:23 | 000,000,000 | ---D | M] -- C:\Users\Benutzer1\AppData\Roaming\gema
[2011.11.15 23:06:24 | 000,000,000 | ---D | M] -- C:\Users\Benutzer1\AppData\Roaming\Windows Live Writer
[2012.03.06 18:50:30 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.01.31 18:24:59 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.28 22:42:34 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.23 20:17:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Acronis
[2011.07.23 20:10:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2011.07.29 22:20:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Corel
[2012.01.20 16:39:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dell
[2011.12.20 19:45:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GARMIN
[2011.07.23 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2011.07.23 17:10:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield
[2011.07.25 09:19:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012.03.17 22:14:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.01.20 20:25:23 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2011.07.26 11:11:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012.01.20 16:37:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PCDr
[2011.07.23 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Shark007
[2011.10.09 23:14:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc
[2011.07.23 20:06:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Win7codecs
[2011.07.25 11:26:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2011.07.29 22:18:54 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
[2011.07.29 22:18:54 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---
ISt da in den App data noch was drin?


Gruß und Dank, :dankeschoen:

blök

cosinus 29.03.2012 13:43
Hast du eigentlich Änderungen am Startmen? Sind da alle Verknüpfungen noch vorhanden, v.a. unter alle Programme, dann in alle Verknüpfungsordner oder sind die Ordner unter alle Programme leer?

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

blök 29.03.2012 15:24
Hallo Arne,

es ist der Pc von meinem Onkel. Deshalb kann ich keine Unterschiede feststellen.
Aber unter "Alle Programme" sind sowohl im Administrator als auch im befallenen Account Verknüpfungen sowohl unter Benutzung der "windows taste" als auch im "Alle Programme" Ordner und dessen Unterordnern vorhanden und funktionierend.

Hier das log des otl fixes:

Code:


========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03292012_161924
Waren nur noch Spuren in der Registry vorhanden?

nochmals :dankeschoen:,

blök

cosinus 29.03.2012 15:46
Ok, danke für die Info. Diese Ramsonware (GEMA, BKA, UKash Blockierer) verschieben nämlich gern auch alle Verknüpfungen aus den Unterordnern im Startmenü nach %tmp%\smtmp

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

blök 29.03.2012 22:09
Hallo Arne,

hier ist das TDSS-Killer log:

Code:

23:01:42.0965 2020        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
23:01:43.0262 2020        ============================================================
23:01:43.0262 2020        Current date / time: 2012/03/29 23:01:43.0262
23:01:43.0262 2020        SystemInfo:
23:01:43.0262 2020       
23:01:43.0262 2020        OS Version: 6.1.7601 ServicePack: 1.0
23:01:43.0262 2020        Product type: Workstation
23:01:43.0262 2020        ComputerName: DESKTOP
23:01:43.0262 2020        UserName: Admin
23:01:43.0262 2020        Windows directory: C:\Windows
23:01:43.0262 2020        System windows directory: C:\Windows
23:01:43.0262 2020        Running under WOW64
23:01:43.0262 2020        Processor architecture: Intel x64
23:01:43.0262 2020        Number of processors: 8
23:01:43.0262 2020        Page size: 0x1000
23:01:43.0262 2020        Boot type: Normal boot
23:01:43.0262 2020        ============================================================
23:01:44.0120 2020        Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:01:44.0135 2020        Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:01:44.0151 2020        \Device\Harddisk0\DR0:
23:01:44.0151 2020        MBR used
23:01:44.0151 2020        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A7F000
23:01:44.0151 2020        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A93000, BlocksNum 0x2FFF4000
23:01:44.0151 2020        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x31A87000, BlocksNum 0x7D000000
23:01:44.0151 2020        \Device\Harddisk1\DR1:
23:01:44.0151 2020        MBR used
23:01:44.0151 2020        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
23:01:44.0541 2020        Initialize success
23:01:44.0541 2020        ============================================================
23:02:16.0896 1448        ============================================================
23:02:16.0896 1448        Scan started
23:02:16.0896 1448        Mode: Manual; SigCheck; TDLFS;
23:02:16.0896 1448        ============================================================
23:02:17.0895 1448        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:02:17.0988 1448        1394ohci - ok
23:02:18.0020 1448        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:02:18.0051 1448        ACPI - ok
23:02:18.0051 1448        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:02:18.0113 1448        AcpiPmi - ok
23:02:18.0191 1448        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:02:18.0207 1448        AdobeARMservice - ok
23:02:18.0269 1448        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:02:18.0285 1448        AdobeFlashPlayerUpdateSvc - ok
23:02:18.0316 1448        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:02:18.0332 1448        adp94xx - ok
23:02:18.0363 1448        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:02:18.0378 1448        adpahci - ok
23:02:18.0410 1448        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:02:18.0410 1448        adpu320 - ok
23:02:18.0441 1448        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:02:18.0550 1448        AeLookupSvc - ok
23:02:18.0581 1448        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:02:18.0628 1448        AFD - ok
23:02:18.0644 1448        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:02:18.0659 1448        agp440 - ok
23:02:18.0675 1448        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:02:18.0722 1448        ALG - ok
23:02:18.0737 1448        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:02:18.0753 1448        aliide - ok
23:02:18.0784 1448        AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe
23:02:18.0831 1448        AMD External Events Utility - ok
23:02:18.0846 1448        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:02:18.0862 1448        amdide - ok
23:02:18.0878 1448        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:02:18.0893 1448        AmdK8 - ok
23:02:19.0049 1448        amdkmdag        (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
23:02:19.0221 1448        amdkmdag - ok
23:02:19.0252 1448        amdkmdap        (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
23:02:19.0268 1448        amdkmdap - ok
23:02:19.0283 1448        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:02:19.0283 1448        AmdPPM - ok
23:02:19.0330 1448        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:02:19.0346 1448        amdsata - ok
23:02:19.0361 1448        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:02:19.0377 1448        amdsbs - ok
23:02:19.0392 1448        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:02:19.0408 1448        amdxata - ok
23:02:19.0424 1448        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:02:19.0564 1448        AppID - ok
23:02:19.0580 1448        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:02:19.0626 1448        AppIDSvc - ok
23:02:19.0642 1448        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:02:19.0704 1448        Appinfo - ok
23:02:19.0736 1448        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:02:19.0736 1448        arc - ok
23:02:19.0751 1448        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:02:19.0767 1448        arcsas - ok
23:02:19.0782 1448        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:02:19.0845 1448        AsyncMac - ok
23:02:19.0860 1448        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:02:19.0860 1448        atapi - ok
23:02:19.0907 1448        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:02:19.0938 1448        AudioEndpointBuilder - ok
23:02:19.0954 1448        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:02:19.0970 1448        AudioSrv - ok
23:02:20.0016 1448        avmaudio        (bd39d7cfd9d6a73396b618113a8e8d57) C:\Windows\system32\DRIVERS\avmaudio.sys
23:02:20.0048 1448        avmaudio - ok
23:02:20.0063 1448        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:02:20.0141 1448        AxInstSV - ok
23:02:20.0172 1448        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:02:20.0219 1448        b06bdrv - ok
23:02:20.0282 1448        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:02:20.0297 1448        b57nd60a - ok
23:02:20.0328 1448        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:02:20.0360 1448        BDESVC - ok
23:02:20.0375 1448        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:02:20.0422 1448        Beep - ok
23:02:20.0453 1448        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:02:20.0500 1448        BFE - ok
23:02:20.0531 1448        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:02:20.0562 1448        BITS - ok
23:02:20.0578 1448        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:02:20.0594 1448        blbdrive - ok
23:02:20.0625 1448        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:02:20.0656 1448        bowser - ok
23:02:20.0734 1448        BrcmMgmtAgent  (96afb6d33247fe90421a5b2e76f4ed59) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
23:02:20.0750 1448        BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - warning
23:02:20.0750 1448        BrcmMgmtAgent - detected UnsignedFile.Multi.Generic (1)
23:02:20.0781 1448        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:02:20.0796 1448        BrFiltLo - ok
23:02:20.0812 1448        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:02:20.0828 1448        BrFiltUp - ok
23:02:20.0859 1448        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:02:20.0921 1448        Browser - ok
23:02:20.0937 1448        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:02:20.0984 1448        Brserid - ok
23:02:20.0999 1448        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:02:21.0030 1448        BrSerWdm - ok
23:02:21.0030 1448        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:02:21.0062 1448        BrUsbMdm - ok
23:02:21.0062 1448        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:02:21.0077 1448        BrUsbSer - ok
23:02:21.0093 1448        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:02:21.0108 1448        BTHMODEM - ok
23:02:21.0140 1448        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:02:21.0186 1448        bthserv - ok
23:02:21.0202 1448        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:02:21.0233 1448        cdfs - ok
23:02:21.0280 1448        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:02:21.0296 1448        cdrom - ok
23:02:21.0327 1448        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:02:21.0374 1448        CertPropSvc - ok
23:02:21.0389 1448        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:02:21.0389 1448        circlass - ok
23:02:21.0405 1448        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:02:21.0420 1448        CLFS - ok
23:02:21.0530 1448        CLKMSVC10_9EC60124 (bb86f147b2a7152e4b4d71a2f0a87d41) C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
23:02:21.0545 1448        CLKMSVC10_9EC60124 - ok
23:02:21.0592 1448        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:02:21.0608 1448        clr_optimization_v2.0.50727_32 - ok
23:02:21.0654 1448        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:02:21.0670 1448        clr_optimization_v2.0.50727_64 - ok
23:02:21.0717 1448        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:02:21.0779 1448        clr_optimization_v4.0.30319_32 - ok
23:02:21.0795 1448        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:02:21.0810 1448        clr_optimization_v4.0.30319_64 - ok
23:02:21.0826 1448        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:02:21.0857 1448        CmBatt - ok
23:02:21.0873 1448        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:02:21.0888 1448        cmdide - ok
23:02:21.0920 1448        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:02:21.0951 1448        CNG - ok
23:02:21.0966 1448        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:02:21.0966 1448        Compbatt - ok
23:02:22.0013 1448        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:02:22.0029 1448        CompositeBus - ok
23:02:22.0044 1448        COMSysApp - ok
23:02:22.0060 1448        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:02:22.0076 1448        crcdisk - ok
23:02:22.0091 1448        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:02:22.0154 1448        CryptSvc - ok
23:02:22.0185 1448        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:02:22.0232 1448        DcomLaunch - ok
23:02:22.0263 1448        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:02:22.0310 1448        defragsvc - ok
23:02:22.0325 1448        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:02:22.0356 1448        DfsC - ok
23:02:22.0372 1448        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:02:22.0403 1448        Dhcp - ok
23:02:22.0419 1448        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:02:22.0466 1448        discache - ok
23:02:22.0497 1448        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:02:22.0512 1448        Disk - ok
23:02:22.0528 1448        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:02:22.0559 1448        Dnscache - ok
23:02:22.0575 1448        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:02:22.0622 1448        dot3svc - ok
23:02:22.0637 1448        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:02:22.0684 1448        DPS - ok
23:02:22.0715 1448        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:02:22.0746 1448        drmkaud - ok
23:02:22.0778 1448        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:02:22.0793 1448        DXGKrnl - ok
23:02:22.0809 1448        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:02:22.0840 1448        EapHost - ok
23:02:22.0902 1448        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:02:22.0996 1448        ebdrv - ok
23:02:23.0027 1448        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:02:23.0043 1448        EFS - ok
23:02:23.0090 1448        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:02:23.0121 1448        ehRecvr - ok
23:02:23.0136 1448        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:02:23.0152 1448        ehSched - ok
23:02:23.0168 1448        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:02:23.0199 1448        elxstor - ok
23:02:23.0214 1448        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:02:23.0230 1448        ErrDev - ok
23:02:23.0261 1448        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:02:23.0292 1448        EventSystem - ok
23:02:23.0308 1448        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:02:23.0324 1448        exfat - ok
23:02:23.0355 1448        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:02:23.0402 1448        fastfat - ok
23:02:23.0417 1448        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:02:23.0464 1448        Fax - ok
23:02:23.0464 1448        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:02:23.0480 1448        fdc - ok
23:02:23.0495 1448        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:02:23.0542 1448        fdPHost - ok
23:02:23.0573 1448        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:02:23.0604 1448        FDResPub - ok
23:02:23.0620 1448        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:02:23.0636 1448        FileInfo - ok
23:02:23.0636 1448        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:02:23.0667 1448        Filetrace - ok
23:02:23.0682 1448        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:02:23.0698 1448        flpydisk - ok
23:02:23.0714 1448        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:02:23.0714 1448        FltMgr - ok
23:02:23.0760 1448        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:02:23.0823 1448        FontCache - ok
23:02:23.0854 1448        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:02:23.0870 1448        FontCache3.0.0.0 - ok
23:02:23.0885 1448        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:02:23.0885 1448        FsDepends - ok
23:02:23.0901 1448        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:02:23.0916 1448        Fs_Rec - ok
23:02:23.0932 1448        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:02:23.0948 1448        fvevol - ok
23:02:23.0963 1448        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:02:23.0979 1448        gagp30kx - ok
23:02:23.0994 1448        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:02:24.0041 1448        gpsvc - ok
23:02:24.0057 1448        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:02:24.0088 1448        hcw85cir - ok
23:02:24.0119 1448        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:02:24.0150 1448        HdAudAddService - ok
23:02:24.0166 1448        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:02:24.0182 1448        HDAudBus - ok
23:02:24.0197 1448        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:02:24.0213 1448        HidBatt - ok
23:02:24.0228 1448        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:02:24.0244 1448        HidBth - ok
23:02:24.0260 1448        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:02:24.0260 1448        HidIr - ok
23:02:24.0291 1448        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:02:24.0306 1448        hidserv - ok
23:02:24.0353 1448        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:02:24.0369 1448        HidUsb - ok
23:02:24.0384 1448        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:02:24.0447 1448        hkmsvc - ok
23:02:24.0478 1448        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:02:24.0494 1448        HomeGroupListener - ok
23:02:24.0509 1448        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:02:24.0540 1448        HomeGroupProvider - ok
23:02:24.0556 1448        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:02:24.0572 1448        HpSAMD - ok
23:02:24.0603 1448        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:02:24.0634 1448        HTTP - ok
23:02:24.0665 1448        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:02:24.0665 1448        hwpolicy - ok
23:02:24.0681 1448        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:02:24.0696 1448        i8042prt - ok
23:02:24.0743 1448        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:02:24.0759 1448        iaStorV - ok
23:02:24.0806 1448        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:02:24.0837 1448        idsvc - ok
23:02:24.0868 1448        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:02:24.0868 1448        iirsp - ok
23:02:24.0915 1448        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:02:24.0962 1448        IKEEXT - ok
23:02:25.0040 1448        IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
23:02:25.0071 1448        IntcAzAudAddService - ok
23:02:25.0102 1448        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:02:25.0102 1448        intelide - ok
23:02:25.0133 1448        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:02:25.0149 1448        intelppm - ok
23:02:25.0164 1448        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:02:25.0227 1448        IPBusEnum - ok
23:02:25.0242 1448        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:02:25.0258 1448        IpFilterDriver - ok
23:02:25.0289 1448        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:02:25.0320 1448        iphlpsvc - ok
23:02:25.0320 1448        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:02:25.0336 1448        IPMIDRV - ok
23:02:25.0352 1448        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:02:25.0367 1448        IPNAT - ok
23:02:25.0398 1448        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:02:25.0414 1448        IRENUM - ok
23:02:25.0430 1448        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:02:25.0445 1448        isapnp - ok
23:02:25.0461 1448        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:02:25.0476 1448        iScsiPrt - ok
23:02:25.0508 1448        k57nd60a        (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
23:02:25.0508 1448        k57nd60a - ok
23:02:25.0523 1448        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:02:25.0539 1448        kbdclass - ok
23:02:25.0554 1448        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:02:25.0570 1448        kbdhid - ok
23:02:25.0617 1448        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:02:25.0617 1448        KeyIso - ok
23:02:25.0648 1448        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:02:25.0648 1448        KSecDD - ok
23:02:25.0679 1448        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:02:25.0679 1448        KSecPkg - ok
23:02:25.0695 1448        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:02:25.0726 1448        ksthunk - ok
23:02:25.0757 1448        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:02:25.0804 1448        KtmRm - ok
23:02:25.0835 1448        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
23:02:25.0866 1448        LanmanServer - ok
23:02:25.0882 1448        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:02:25.0944 1448        LanmanWorkstation - ok
23:02:25.0960 1448        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:02:26.0022 1448        lltdio - ok
23:02:26.0054 1448        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:02:26.0100 1448        lltdsvc - ok
23:02:26.0116 1448        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:02:26.0147 1448        lmhosts - ok
23:02:26.0194 1448        LMS            (926eba26a8b49d1597751ced06b50862) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:02:26.0210 1448        LMS - ok
23:02:26.0225 1448        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:02:26.0241 1448        LSI_FC - ok
23:02:26.0256 1448        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:02:26.0272 1448        LSI_SAS - ok
23:02:26.0288 1448        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:02:26.0303 1448        LSI_SAS2 - ok
23:02:26.0319 1448        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:02:26.0334 1448        LSI_SCSI - ok
23:02:26.0350 1448        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:02:26.0397 1448        luafv - ok
23:02:26.0475 1448        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
23:02:26.0475 1448        MBAMProtector - ok
23:02:26.0537 1448        MBAMService    (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:02:26.0568 1448        MBAMService - ok
23:02:26.0600 1448        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:02:26.0615 1448        Mcx2Svc - ok
23:02:26.0631 1448        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:02:26.0646 1448        megasas - ok
23:02:26.0662 1448        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:02:26.0678 1448        MegaSR - ok
23:02:26.0709 1448        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
23:02:26.0709 1448        MEIx64 - ok
23:02:26.0740 1448        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:02:26.0787 1448        MMCSS - ok
23:02:26.0802 1448        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:02:26.0849 1448        Modem - ok
23:02:26.0865 1448        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:02:26.0880 1448        monitor - ok
23:02:26.0896 1448        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:02:26.0912 1448        mouclass - ok
23:02:26.0943 1448        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:02:26.0943 1448        mouhid - ok
23:02:26.0974 1448        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:02:26.0974 1448        mountmgr - ok
23:02:27.0005 1448        MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
23:02:27.0021 1448        MpFilter - ok
23:02:27.0036 1448        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:02:27.0052 1448        mpio - ok
23:02:27.0068 1448        MpNWMon        (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
23:02:27.0068 1448        MpNWMon - ok
23:02:27.0083 1448        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:02:27.0114 1448        mpsdrv - ok
23:02:27.0130 1448        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:02:27.0177 1448        MpsSvc - ok
23:02:27.0192 1448        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:02:27.0224 1448        MRxDAV - ok
23:02:27.0255 1448        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:02:27.0270 1448        mrxsmb - ok
23:02:27.0317 1448        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:02:27.0333 1448        mrxsmb10 - ok
23:02:27.0380 1448        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:02:27.0395 1448        mrxsmb20 - ok
23:02:27.0411 1448        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:02:27.0426 1448        msahci - ok
23:02:27.0442 1448        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:02:27.0458 1448        msdsm - ok
23:02:27.0473 1448        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:02:27.0504 1448        MSDTC - ok
23:02:27.0520 1448        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:02:27.0551 1448        Msfs - ok
23:02:27.0582 1448        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:02:27.0629 1448        mshidkmdf - ok
23:02:27.0645 1448        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:02:27.0645 1448        msisadrv - ok
23:02:27.0660 1448        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:02:27.0692 1448        MSiSCSI - ok
23:02:27.0707 1448        msiserver - ok
23:02:27.0738 1448        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:02:27.0785 1448        MSKSSRV - ok
23:02:27.0863 1448        MsMpSvc        (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
23:02:27.0863 1448        MsMpSvc - ok
23:02:27.0879 1448        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:02:27.0926 1448        MSPCLOCK - ok
23:02:27.0941 1448        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:02:27.0957 1448        MSPQM - ok
23:02:27.0988 1448        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:02:28.0004 1448        MsRPC - ok
23:02:28.0019 1448        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:02:28.0019 1448        mssmbios - ok
23:02:28.0035 1448        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:02:28.0066 1448        MSTEE - ok
23:02:28.0082 1448        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:02:28.0082 1448        MTConfig - ok
23:02:28.0097 1448        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:02:28.0113 1448        Mup - ok
23:02:28.0128 1448        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:02:28.0175 1448        napagent - ok
23:02:28.0206 1448        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:02:28.0222 1448        NativeWifiP - ok
23:02:28.0316 1448        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:02:28.0347 1448        NDIS - ok
23:02:28.0362 1448        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:02:28.0378 1448        NdisCap - ok
23:02:28.0409 1448        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:02:28.0440 1448        NdisTapi - ok
23:02:28.0456 1448        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:02:28.0472 1448        Ndisuio - ok
23:02:28.0487 1448        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:02:28.0518 1448        NdisWan - ok
23:02:28.0550 1448        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:02:28.0581 1448        NDProxy - ok
23:02:28.0596 1448        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:02:28.0628 1448        NetBIOS - ok
23:02:28.0643 1448        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:02:28.0674 1448        NetBT - ok
23:02:28.0706 1448        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:02:28.0706 1448        Netlogon - ok
23:02:28.0737 1448        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:02:28.0768 1448        Netman - ok
23:02:28.0799 1448        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:02:28.0862 1448        netprofm - ok
23:02:28.0908 1448        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:02:28.0924 1448        NetTcpPortSharing - ok
23:02:28.0955 1448        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:02:28.0971 1448        nfrd960 - ok
23:02:28.0986 1448        NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:02:29.0002 1448        NisDrv - ok
23:02:29.0049 1448        NisSrv          (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
23:02:29.0064 1448        NisSrv - ok
23:02:29.0096 1448        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:02:29.0142 1448        NlaSvc - ok
23:02:29.0174 1448        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:02:29.0189 1448        Npfs - ok
23:02:29.0205 1448        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:02:29.0236 1448        nsi - ok
23:02:29.0252 1448        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:02:29.0267 1448        nsiproxy - ok
23:02:29.0330 1448        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:02:29.0392 1448        Ntfs - ok
23:02:29.0408 1448        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:02:29.0439 1448        Null - ok
23:02:29.0470 1448        nusb3hub        (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\drivers\nusb3hub.sys
23:02:29.0486 1448        nusb3hub - ok
23:02:29.0517 1448        nusb3xhc        (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\drivers\nusb3xhc.sys
23:02:29.0532 1448        nusb3xhc - ok
23:02:29.0595 1448        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:02:29.0610 1448        nvraid - ok
23:02:29.0626 1448        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:02:29.0642 1448        nvstor - ok
23:02:29.0673 1448        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:02:29.0673 1448        nv_agp - ok
23:02:29.0688 1448        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:02:29.0704 1448        ohci1394 - ok
23:02:29.0751 1448        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:02:29.0751 1448        ose - ok
23:02:29.0782 1448        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:02:29.0829 1448        p2pimsvc - ok
23:02:29.0860 1448        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:02:29.0876 1448        p2psvc - ok
23:02:29.0907 1448        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:02:29.0922 1448        Parport - ok
23:02:29.0969 1448        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:02:29.0985 1448        partmgr - ok
23:02:30.0000 1448        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:02:30.0032 1448        PcaSvc - ok
23:02:30.0110 1448        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
23:02:30.0172 1448        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
23:02:30.0203 1448        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:02:30.0219 1448        pci - ok
23:02:30.0234 1448        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:02:30.0250 1448        pciide - ok
23:02:30.0266 1448        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:02:30.0281 1448        pcmcia - ok
23:02:30.0297 1448        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:02:30.0297 1448        pcw - ok
23:02:30.0328 1448        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:02:30.0390 1448        PEAUTH - ok
23:02:30.0437 1448        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:02:30.0453 1448        PerfHost - ok
23:02:30.0500 1448        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:02:30.0578 1448        pla - ok
23:02:30.0624 1448        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:02:30.0671 1448        PlugPlay - ok
23:02:30.0687 1448        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:02:30.0702 1448        PNRPAutoReg - ok
23:02:30.0749 1448        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:02:30.0765 1448        PNRPsvc - ok
23:02:30.0796 1448        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:02:30.0843 1448        PolicyAgent - ok
23:02:30.0890 1448        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:02:30.0921 1448        Power - ok
23:02:30.0983 1448        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:02:31.0030 1448        PptpMiniport - ok
23:02:31.0077 1448        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:02:31.0092 1448        Processor - ok
23:02:31.0108 1448        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:02:31.0170 1448        ProfSvc - ok
23:02:31.0202 1448        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:02:31.0217 1448        ProtectedStorage - ok
23:02:31.0233 1448        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:02:31.0280 1448        Psched - ok
23:02:31.0326 1448        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:02:31.0373 1448        ql2300 - ok
23:02:31.0404 1448        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:02:31.0404 1448        ql40xx - ok
23:02:31.0420 1448        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:02:31.0436 1448        QWAVE - ok
23:02:31.0451 1448        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:02:31.0467 1448        QWAVEdrv - ok
23:02:31.0498 1448        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:02:31.0514 1448        RasAcd - ok
23:02:31.0529 1448        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:02:31.0560 1448        RasAgileVpn - ok
23:02:31.0576 1448        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:02:31.0607 1448        RasAuto - ok
23:02:31.0638 1448        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:02:31.0670 1448        Rasl2tp - ok
23:02:31.0685 1448        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:02:31.0732 1448        RasMan - ok
23:02:31.0748 1448        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:02:31.0779 1448        RasPppoe - ok
23:02:31.0794 1448        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:02:31.0826 1448        RasSstp - ok
23:02:31.0841 1448        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:02:31.0857 1448        rdbss - ok
23:02:31.0872 1448        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:02:31.0888 1448        rdpbus - ok
23:02:31.0904 1448        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:02:31.0919 1448        RDPCDD - ok
23:02:31.0935 1448        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:02:31.0982 1448        RDPENCDD - ok
23:02:31.0997 1448        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:02:32.0013 1448        RDPREFMP - ok
23:02:32.0060 1448        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:02:32.0091 1448        RDPWD - ok
23:02:32.0122 1448        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:02:32.0138 1448        rdyboost - ok
23:02:32.0169 1448        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:02:32.0216 1448        RemoteAccess - ok
23:02:32.0231 1448        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:02:32.0262 1448        RemoteRegistry - ok
23:02:32.0278 1448        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:02:32.0309 1448        RpcEptMapper - ok
23:02:32.0340 1448        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:02:32.0356 1448        RpcLocator - ok
23:02:32.0387 1448        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:02:32.0418 1448        RpcSs - ok
23:02:32.0434 1448        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:02:32.0465 1448        rspndr - ok
23:02:32.0481 1448        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:02:32.0481 1448        SamSs - ok
23:02:32.0496 1448        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:02:32.0512 1448        sbp2port - ok
23:02:32.0543 1448        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:02:32.0559 1448        SCardSvr - ok
23:02:32.0574 1448        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:02:32.0637 1448        scfilter - ok
23:02:32.0652 1448        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:02:32.0730 1448        Schedule - ok
23:02:32.0762 1448        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:02:32.0793 1448        SCPolicySvc - ok
23:02:32.0793 1448        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:02:32.0824 1448        SDRSVC - ok
23:02:32.0855 1448        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:02:32.0918 1448        secdrv - ok
23:02:32.0933 1448        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:02:32.0949 1448        seclogon - ok
23:02:32.0996 1448        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:02:33.0027 1448        SENS - ok
23:02:33.0042 1448        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:02:33.0058 1448        SensrSvc - ok
23:02:33.0074 1448        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:02:33.0089 1448        Serenum - ok
23:02:33.0120 1448        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:02:33.0136 1448        Serial - ok
23:02:33.0152 1448        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:02:33.0183 1448        sermouse - ok
23:02:33.0198 1448        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:02:33.0261 1448        SessionEnv - ok
23:02:33.0261 1448        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:02:33.0276 1448        sffdisk - ok
23:02:33.0292 1448        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:02:33.0308 1448        sffp_mmc - ok
23:02:33.0308 1448        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:02:33.0339 1448        sffp_sd - ok
23:02:33.0339 1448        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:02:33.0354 1448        sfloppy - ok
23:02:33.0370 1448        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:02:33.0448 1448        SharedAccess - ok
23:02:33.0479 1448        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:02:33.0510 1448        ShellHWDetection - ok
23:02:33.0542 1448        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:02:33.0557 1448        SiSRaid2 - ok
23:02:33.0573 1448        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:02:33.0573 1448        SiSRaid4 - ok
23:02:33.0588 1448        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:02:33.0620 1448        Smb - ok
23:02:33.0666 1448        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:02:33.0682 1448        SNMPTRAP - ok
23:02:33.0698 1448        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:02:33.0713 1448        spldr - ok
23:02:33.0760 1448        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:02:33.0807 1448        Spooler - ok
23:02:34.0056 1448        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:02:34.0166 1448        sppsvc - ok
23:02:34.0181 1448        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:02:34.0197 1448        sppuinotify - ok
23:02:34.0228 1448        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:02:34.0244 1448        srv - ok
23:02:34.0275 1448        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:02:34.0306 1448        srv2 - ok
23:02:34.0337 1448        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:02:34.0353 1448        srvnet - ok
23:02:34.0384 1448        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:02:34.0431 1448        SSDPSRV - ok
23:02:34.0446 1448        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:02:34.0493 1448        SstpSvc - ok
23:02:34.0509 1448        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:02:34.0524 1448        stexstor - ok
23:02:34.0556 1448        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:02:34.0602 1448        stisvc - ok
23:02:34.0618 1448        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:02:34.0634 1448        swenum - ok
23:02:34.0680 1448        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:02:34.0727 1448        swprv - ok
23:02:34.0790 1448        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:02:34.0868 1448        SysMain - ok
23:02:34.0883 1448        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:02:34.0914 1448        TabletInputService - ok
23:02:34.0946 1448        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:02:34.0992 1448        TapiSrv - ok
23:02:35.0008 1448        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:02:35.0039 1448        TBS - ok
23:02:35.0086 1448        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:02:35.0164 1448        Tcpip - ok
23:02:35.0211 1448        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:02:35.0258 1448        TCPIP6 - ok
23:02:35.0320 1448        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:02:35.0367 1448        tcpipreg - ok
23:02:35.0382 1448        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:02:35.0398 1448        TDPIPE - ok
23:02:35.0429 1448        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:02:35.0460 1448        TDTCP - ok
23:02:35.0492 1448        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:02:35.0523 1448        tdx - ok
23:02:35.0523 1448        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
23:02:35.0538 1448        TermDD - ok
23:02:35.0554 1448        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:02:35.0601 1448        TermService - ok
23:02:35.0616 1448        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:02:35.0616 1448        Themes - ok
23:02:35.0648 1448        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:02:35.0663 1448        THREADORDER - ok
23:02:35.0679 1448        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:02:35.0710 1448        TrkWks - ok
23:02:35.0741 1448        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:02:35.0788 1448        TrustedInstaller - ok
23:02:35.0819 1448        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:02:35.0850 1448        tssecsrv - ok
23:02:35.0882 1448        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:02:35.0913 1448        TsUsbFlt - ok
23:02:35.0928 1448        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:02:35.0944 1448        TsUsbGD - ok
23:02:35.0975 1448        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:02:36.0022 1448        tunnel - ok
23:02:36.0038 1448        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:02:36.0053 1448        uagp35 - ok
23:02:36.0069 1448        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:02:36.0116 1448        udfs - ok
23:02:36.0131 1448        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:02:36.0162 1448        UI0Detect - ok
23:02:36.0178 1448        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:02:36.0194 1448        uliagpkx - ok
23:02:36.0225 1448        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:02:36.0256 1448        umbus - ok
23:02:36.0272 1448        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:02:36.0287 1448        UmPass - ok
23:02:36.0381 1448        UNS            (fdf92ec84fecee834fb10a2a0a19bcda) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:02:36.0506 1448        UNS - ok
23:02:36.0521 1448        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:02:36.0552 1448        upnphost - ok
23:02:36.0568 1448        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:02:36.0584 1448        usbccgp - ok
23:02:36.0615 1448        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:02:36.0615 1448        usbcir - ok
23:02:36.0646 1448        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:02:36.0662 1448        usbehci - ok
23:02:36.0693 1448        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:02:36.0724 1448        usbhub - ok
23:02:36.0755 1448        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:02:36.0786 1448        usbohci - ok
23:02:36.0818 1448        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:02:36.0833 1448        usbprint - ok
23:02:36.0864 1448        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:02:36.0880 1448        usbscan - ok
23:02:36.0911 1448        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:02:36.0942 1448        USBSTOR - ok
23:02:36.0974 1448        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:02:36.0989 1448        usbuhci - ok
23:02:37.0020 1448        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:02:37.0067 1448        UxSms - ok
23:02:37.0114 1448        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:02:37.0130 1448        VaultSvc - ok
23:02:37.0161 1448        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:02:37.0176 1448        vdrvroot - ok
23:02:37.0192 1448        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:02:37.0239 1448        vds - ok
23:02:37.0270 1448        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:02:37.0301 1448        vga - ok
23:02:37.0332 1448        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:02:37.0379 1448        VgaSave - ok
23:02:37.0395 1448        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:02:37.0410 1448        vhdmp - ok
23:02:37.0426 1448        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:02:37.0426 1448        viaide - ok
23:02:37.0457 1448        vidsflt53      (c69a784bec737cd7460ebf3c3834d65e) C:\Windows\system32\DRIVERS\vsflt53.sys
23:02:37.0473 1448        vidsflt53 - ok
23:02:37.0488 1448        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:02:37.0504 1448        volmgr - ok
23:02:37.0520 1448        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:02:37.0535 1448        volmgrx - ok
23:02:37.0582 1448        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:02:37.0598 1448        volsnap - ok
23:02:37.0629 1448        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:02:37.0676 1448        vsmraid - ok
23:02:37.0754 1448        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:02:37.0832 1448        VSS - ok
23:02:37.0847 1448        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:02:37.0878 1448        vwifibus - ok
23:02:37.0910 1448        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:02:37.0941 1448        W32Time - ok
23:02:37.0956 1448        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:02:37.0972 1448        WacomPen - ok
23:02:38.0003 1448        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:02:38.0050 1448        WANARP - ok
23:02:38.0050 1448        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:02:38.0066 1448        Wanarpv6 - ok
23:02:38.0112 1448        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:02:38.0175 1448        wbengine - ok
23:02:38.0190 1448        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:02:38.0206 1448        WbioSrvc - ok
23:02:38.0222 1448        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:02:38.0253 1448        wcncsvc - ok
23:02:38.0268 1448        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:02:38.0300 1448        WcsPlugInService - ok
23:02:38.0315 1448        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:02:38.0331 1448        Wd - ok
23:02:38.0346 1448        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:02:38.0378 1448        Wdf01000 - ok
23:02:38.0393 1448        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:02:38.0471 1448        WdiServiceHost - ok
23:02:38.0471 1448        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:02:38.0487 1448        WdiSystemHost - ok
23:02:38.0518 1448        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:02:38.0549 1448        WebClient - ok
23:02:38.0565 1448        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:02:38.0627 1448        Wecsvc - ok
23:02:38.0643 1448        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:02:38.0658 1448        wercplsupport - ok
23:02:38.0690 1448        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:02:38.0721 1448        WerSvc - ok
23:02:38.0736 1448        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:02:38.0783 1448        WfpLwf - ok
23:02:38.0799 1448        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:02:38.0799 1448        WIMMount - ok
23:02:38.0814 1448        WinDefend - ok
23:02:38.0814 1448        WinHttpAutoProxySvc - ok
23:02:38.0939 1448        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:02:38.0986 1448        Winmgmt - ok
23:02:39.0064 1448        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:02:39.0158 1448        WinRM - ok
23:02:39.0189 1448        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:02:39.0220 1448        Wlansvc - ok
23:02:39.0251 1448        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:02:39.0267 1448        wlcrasvc - ok
23:02:39.0314 1448        wlidsvc        (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:02:39.0392 1448        wlidsvc - ok
23:02:39.0470 1448        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:02:39.0501 1448        WmiAcpi - ok
23:02:39.0563 1448        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:02:39.0594 1448        wmiApSrv - ok
23:02:39.0594 1448        WMPNetworkSvc - ok
23:02:39.0626 1448        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:02:39.0641 1448        WPCSvc - ok
23:02:39.0657 1448        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:02:39.0704 1448        WPDBusEnum - ok
23:02:39.0735 1448        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:02:39.0766 1448        ws2ifsl - ok
23:02:39.0797 1448        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
23:02:39.0828 1448        wscsvc - ok
23:02:39.0844 1448        WSearch - ok
23:02:39.0906 1448        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:02:40.0000 1448        wuauserv - ok
23:02:40.0016 1448        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:02:40.0047 1448        WudfPf - ok
23:02:40.0078 1448        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:02:40.0109 1448        WUDFRd - ok
23:02:40.0140 1448        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:02:40.0172 1448        wudfsvc - ok
23:02:40.0187 1448        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:02:40.0218 1448        WwanSvc - ok
23:02:40.0234 1448        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:02:45.0226 1448        \Device\Harddisk0\DR0 - ok
23:02:45.0226 1448        MBR (0x1B8)    (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk1\DR1
23:02:45.0663 1448        \Device\Harddisk1\DR1 - ok
23:02:45.0725 1448        Boot (0x1200)  (8dac6d28d545d273332b2ab023bc42fd) \Device\Harddisk0\DR0\Partition0
23:02:45.0725 1448        \Device\Harddisk0\DR0\Partition0 - ok
23:02:45.0741 1448        Boot (0x1200)  (01f89f8005de8ecc7d504f6b4919a889) \Device\Harddisk0\DR0\Partition1
23:02:45.0756 1448        \Device\Harddisk0\DR0\Partition1 - ok
23:02:46.0380 1448        Boot (0x1200)  (3668e05449a6491c2b435b831baccac4) \Device\Harddisk0\DR0\Partition2
23:02:46.0380 1448        \Device\Harddisk0\DR0\Partition2 - ok
23:02:46.0380 1448        Boot (0x1200)  (c9ac329e6216e1d90221e271d0afa569) \Device\Harddisk1\DR1\Partition0
23:02:46.0396 1448        \Device\Harddisk1\DR1\Partition0 - ok
23:02:46.0396 1448        ============================================================
23:02:46.0396 1448        Scan finished
23:02:46.0396 1448        ============================================================
23:02:46.0396 4416        Detected object count: 1
23:02:46.0396 4416        Actual detected object count: 1
23:02:54.0196 4416        BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:54.0196 4416        BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip

nochmal ein großes :dankeschoen:,
blök

cosinus 30.03.2012 09:01
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

blök 30.03.2012 13:44
Hallo Arne,
ich habe combofix laufen lassen und hatte tatsächlich obigen Fehler den ein Neustart beheben konnte.

das Combofix log zeigt folgendes:

Code:

Combofix Logfile:

       
Code:

       
ComboFix 12-03-30.06 - Admin 30.03.2012  14:22:37.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6647 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\gema
c:\users\Willi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Webradio.gadget
c:\users\Benutzer1\AppData\Roaming\gema
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-30  ))))))))))))))))))))))))))))))
.
.
2012-03-29 21:07 . 2012-03-14 03:27        8669240        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A017002E-B274-4AD6-81E9-78BDC06F4380}\mpengine.dll
2012-03-29 20:58 . 2012-03-29 20:58        418464        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 14:19 . 2012-03-29 14:19        --------        d-----w-        C:\_OTL
2012-03-29 14:10 . 2012-03-29 14:10        --------        d-----w-        c:\users\Admin\AppData\Local\Cyberlink
2012-03-29 14:10 . 2012-03-29 14:10        --------        d-----w-        c:\users\Admin\AppData\Roaming\CyberLink
2012-03-27 19:55 . 2012-03-27 19:55        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-03-27 19:54 . 2012-03-27 19:54        --------        d-----w-        c:\program files (x86)\Java
2012-03-18 02:03 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-18 02:03 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-18 02:03 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-17 20:49 . 2012-03-17 20:49        --------        d-----w-        c:\program files (x86)\ESET
2012-03-17 20:14 . 2012-03-17 20:14        --------        d-----w-        c:\users\Admin\AppData\Roaming\Malwarebytes
2012-03-17 20:13 . 2012-03-17 20:13        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-17 20:13 . 2012-03-17 20:13        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-17 20:13 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-17 17:18 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-17 17:18 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-17 17:18 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-17 17:17 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-17 17:17 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-17 17:17 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-17 17:17 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-17 17:17 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-17 17:17 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-17 17:17 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-06 19:57 . 2012-03-06 19:58        --------        d-----w-        c:\users\Benutzer1
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 20:58 . 2011-07-23 15:35        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-27 19:54 . 2011-10-09 15:02        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-03-14 03:27 . 2011-07-23 16:22        8669240        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 17:13 . 2012-02-10 17:13        927800        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2C45D37-AA82-4968-8E82-7912897AAC5D}\gapaengine.dll
2012-02-03 21:32 . 2012-02-03 21:23        29480        ----a-w-        c:\windows\SysWow64\msxml3a.dll
2012-02-03 21:32 . 2003-02-21 02:42        353576        ----a-w-        c:\windows\SysWow64\msvcr71.dll
2012-02-03 21:32 . 2003-03-18 18:14        505128        ----a-w-        c:\windows\SysWow64\msvcp71.dll
2012-01-31 12:44 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-13 08:40 . 2011-07-25 07:06        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-04 10:44 . 2012-02-17 09:40        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-17 09:40        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2012-01-01 19:46 . 2011-08-29 07:46        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-01 19:46 . 2011-08-29 07:46        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\Admin\AppData\Local\Apps\2.0\A1G766T8.K0X\ZGQAQGYR.MO6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-07-23 147456]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-08-08 1407848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-11 75048]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/02/03 22:24;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-08-11 248304]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:58]
.
2012-03-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-03-30 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\298wmpqu.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:fc,02,95,16,63,49,cc,01
.
[HKEY_USERS\S-1-5-21-1445623826-1914525768-99944756-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1445623826-1914525768-99944756-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-30  14:29:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-30 12:29
.
Vor Suchlauf: 11 Verzeichnis(se), 357.734.821.888 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 360.839.077.888 Bytes frei
.
- - End Of File - - 1346642ADD10E9C43FD0384FB504ABB9

--- --- ---
Das Löschen der Temporären Dateien des Webradios ist glaub ich nicht schlimm er scheint noch zu funktionieren (ich hab an dem Pc keine Lautsprecher angeschlossen) und zur Not könnte ich ihn sicher neu installieren.

Ist der Pc jetzt "sauber"? :Boogie:

:dankeschoen:,
blök

cosinus 30.03.2012 15:43
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

blök 30.03.2012 17:57
Hallo Arne,

das aswMBr log zeigt folgendes an:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 18:42:45
-----------------------------
18:42:45.788    OS Version: Windows x64 6.1.7601 Service Pack 1
18:42:45.788    Number of processors: 8 586 0x2A07
18:42:45.788    ComputerName: DESKTOP  UserName: Admin
18:42:48.475    Initialize success
18:46:44.395    AVAST engine defs: 12033000
18:47:54.580    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:47:54.580    Disk 0 Vendor: ST31500341AS CC4G Size: 1430799MB BusType: 11
18:47:54.595    Disk 0 MBR read successfully
18:47:54.595    Disk 0 MBR scan
18:47:54.595    Disk 0 Windows 7 default MBR code
18:47:54.595    Disk 0 Partition 1 00    DE Dell Utility DELL 4.1      39 MB offset 63
18:47:54.611    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        13566 MB offset 81920
18:47:54.627    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      393192 MB offset 27865088
18:47:54.658    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      1024000 MB offset 833122304
18:47:54.689    Disk 0 scanning C:\Windows\system32\drivers
18:48:01.303    Service scanning
18:48:13.846    Modules scanning
18:48:13.846    Disk 0 trace - called modules:
18:48:13.877    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:48:13.877    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a86790]
18:48:13.877    3 CLASSPNP.SYS[fffff8800197643f] -> nt!IofCallDriver -> [0xfffffa8007981e30]
18:48:13.893    5 vsflt53.sys[fffff88000e51cfd] -> nt!IofCallDriver -> [0xfffffa8007850520]
18:48:13.893    7 ACPI.sys[fffff88000f947a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007821680]
18:48:17.137    AVAST engine scan C:\Windows
18:48:19.415    AVAST engine scan C:\Windows\system32
18:49:57.570    AVAST engine scan C:\Windows\system32\drivers
18:50:06.587    AVAST engine scan C:\Users\Admin
18:51:49.079    AVAST engine scan C:\ProgramData
18:52:41.620    Scan finished successfully
18:55:39.788    Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
18:55:39.788    The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"


Liebe Grüße,
blök

cosinus 30.03.2012 21:23
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

blök 31.03.2012 21:24
Hallo Arne,

SuperAntiSpyware hat viele (~270) Cookies gefunden:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/31/2012 at 03:12 PM

Application Version : 5.0.1146

Core Rules Database Version : 8402
Trace Rules Database Version: 6214

Scan type      : Complete Scan
Total Scan Time : 01:08:43

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 777
Memory threats detected  : 0
Registry items scanned    : 66152
Registry threats detected : 0
File items scanned        : 214364
File threats detected    : 296

Adware.Tracking Cookie
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Admin@microsoftwllivemkt.112.2o7[1].txt [ /microsoftwllivemkt.112.2o7 ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PB3EKKFW.txt [ /apmebf.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XM3Q1ZP1.txt [ /atdmt.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PX2S7ECD.txt [ /ad.zanox.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9XLYRW2S.txt [ /advertising.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VCKS187C.txt [ /adfarm1.adition.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HKP5MMHC.txt [ /mediaplex.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3PJ8HU5H.txt [ /bs.serving-sys.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NDHEAW6M.txt [ /serving-sys.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RHM4NK02.txt [ /doubleclick.net ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YS3K4I2H.txt [ /ad.yieldmanager.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\X1IDFXYP.txt [ /ad2.adfarm1.adition.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4JASPWQ1.txt [ /de.at.atwola.com ]
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KUFQZGNL.txt [ /fastclick.net ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\QA8XPSM3.txt [ Cookie:Benutzer2@microsoftwllivemkt.112.2o7.net/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Benutzer2@apmebf[1].txt [ Cookie:Benutzer2@apmebf.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Benutzer2@mediaplex[1].txt [ Cookie:Benutzer2@mediaplex.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Benutzer2@bs.serving-sys[1].txt [ Cookie:Benutzer2@bs.serving-sys.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\CHXSVR1H.txt [ Cookie:Benutzer2@atdmt.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Benutzer2@serving-sys[1].txt [ Cookie:Benutzer2@serving-sys.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Benutzer2@doubleclick[1].txt [ Cookie:Benutzer2@doubleclick.net/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\63K2QL6V.txt [ Cookie:Benutzer2@smartadserver.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\F3WGK7YC.txt [ Cookie:Benutzer2@zanox.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\5MEKKS2W.txt [ Cookie:Benutzer2@apmebf.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\XR1KTJVK.txt [ Cookie:Benutzer2@imrworldwide.com/cgi-bin ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\A914W7CX.txt [ Cookie:Benutzer2@www.zanox-affiliate.de/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\TII3I1O1.txt [ Cookie:Benutzer2@de.at.atwola.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\ONV1T64L.txt [ Cookie:Benutzer2@ad.zanox.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Benutzer2@tracking.quisma[1].txt [ Cookie:Benutzer2@tracking.quisma.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Benutzer2@webmasterplan[2].txt [ Cookie:Benutzer2@webmasterplan.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RI4DIFQI.txt [ Cookie:Benutzer2@mediaplex.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Benutzer2@2o7[1].txt [ Cookie:Benutzer2@2o7.net/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\X3KYX83X.txt [ Cookie:Benutzer2@adfarm1.adition.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Benutzer2@unitymedia[2].txt [ Cookie:Benutzer2@unitymedia.de/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\568K0305.txt [ Cookie:Benutzer2@ad2.adfarm1.adition.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Benutzer2@traffictrack[1].txt [ Cookie:Benutzer2@traffictrack.de/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\9FAEV92B.txt [ Cookie:Benutzer2@bs.serving-sys.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\W52TCT6G.txt [ Cookie:Benutzer2@atdmt.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\Benutzer2@nextag[2].txt [ Cookie:Benutzer2@nextag.de/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\YVAXLVL1.txt [ Cookie:Benutzer2@zanox-affiliate.de/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJIXIQUG.txt [ Cookie:Benutzer2@tradedoubler.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\D073JR8X.txt [ Cookie:Benutzer2@ad.yieldmanager.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\7B2CN57M.txt [ Cookie:Benutzer2@advertising.com/ ]
        C:\USERS\Benutzer2\AppData\Roaming\Microsoft\Windows\Cookies\Low\SDVKQY26.txt [ Cookie:Benutzer2@serving-sys.com/ ]
        C:\USERS\Benutzer2\Cookies\QA8XPSM3.txt [ Cookie:Benutzer2@microsoftwllivemkt.112.2o7.net/ ]
        C:\USERS\Benutzer2\Cookies\Benutzer2@apmebf[1].txt [ Cookie:Benutzer2@apmebf.com/ ]
        C:\USERS\Benutzer2\Cookies\Benutzer2@mediaplex[1].txt [ Cookie:Benutzer2@mediaplex.com/ ]
        C:\USERS\Benutzer2\Cookies\Benutzer2@bs.serving-sys[1].txt [ Cookie:Benutzer2@bs.serving-sys.com/ ]
        C:\USERS\Benutzer2\Cookies\CHXSVR1H.txt [ Cookie:Benutzer2@atdmt.com/ ]
        C:\USERS\Benutzer2\Cookies\Benutzer2@serving-sys[1].txt [ Cookie:Benutzer2@serving-sys.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\VLLW9Y2V.txt [ Cookie:Admin@adform.net/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Admin@www.etracker[2].txt [ Cookie:Admin@www.etracker.de/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QUL9KKMY.txt [ Cookie:Admin@smartadserver.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\K2SD6MSU.txt [ Cookie:Admin@apmebf.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZKV2U3W0.txt [ Cookie:Admin@ww251.smartadserver.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Admin@tacoda.at.atwola[1].txt [ Cookie:Admin@tacoda.at.atwola.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Admin@invitemedia[2].txt [ Cookie:Admin@invitemedia.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Admin@media6degrees[2].txt [ Cookie:Admin@media6degrees.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\4PY57MVC.txt [ Cookie:Admin@content.yieldmanager.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\A6J789YN.txt [ Cookie:Admin@advertising.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\PBZWUNB3.txt [ Cookie:Admin@myhammer.122.2o7.net/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\2N7H5DP3.txt [ Cookie:Admin@eas.apm.emediate.eu/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GUIUUB56.txt [ Cookie:Admin@unitymedia.de/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\J2PEWMRV.txt [ Cookie:Admin@adfarm1.adition.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\7409YIOW.txt [ Cookie:Admin@mediaplex.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\MBS2566X.txt [ Cookie:Admin@2o7.net/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\G97IJUQ2.txt [ Cookie:Admin@eas4.emediate.eu/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\86AV1HKL.txt [ Cookie:Admin@overture.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3DY4LGRP.txt [ Cookie:Admin@googleads.g.doubleclick.net/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Admin@msnportal.112.2o7[1].txt [ Cookie:Admin@msnportal.112.2o7.net/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\9SNU05YO.txt [ Cookie:Admin@www.googleadservices.com/pagead/conversion/1070484417/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Admin@ar.atwola[1].txt [ Cookie:Admin@ar.atwola.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\NF9CYTBN.txt [ Cookie:Admin@track.adform.net/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\EEZJ1NLS.txt [ Cookie:Admin@www.googleadservices.com/pagead/conversion/1070871315/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\GIM86YPM.txt [ Cookie:Admin@traffictrack.de/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\O5D4NPDJ.txt [ Cookie:Admin@serving-sys.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\D6NEW729.txt [ Cookie:Admin@de.sitestat.com/idgcom-de/projekt3/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\3JGN8UVR.txt [ Cookie:Admin@adtech.de/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1EPOWPZ0.txt [ Cookie:Admin@hightraffic.hugoboss.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z3OWNMPI.txt [ Cookie:Admin@ad.yieldmanager.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\HOHK47YX.txt [ Cookie:Admin@doubleclick.net/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZD84Q3TL.txt [ Cookie:Admin@de.sitestat.com/idgcom-de/computerwoche/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Admin@content.yieldmanager[3].txt [ Cookie:Admin@content.yieldmanager.com/ak/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\5FXM06K2.txt [ Cookie:Admin@in.getclicky.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\1IGCQ42U.txt [ Cookie:Admin@ad2.adfarm1.adition.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\Admin@de.at.atwola[1].txt [ Cookie:Admin@de.at.atwola.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QUUS2DNP.txt [ Cookie:Admin@zanox-affiliate.de/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\VYM5RD18.txt [ Cookie:Admin@fastclick.net/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\A2KAW0K0.txt [ Cookie:Admin@tradedoubler.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\HI54NHBY.txt [ Cookie:Admin@webmasterplan.com/ ]
        C:\USERS\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\TW7E9A3X.txt [ Cookie:Admin@specificclick.net/ ]
        C:\USERS\Admin\Cookies\PB3EKKFW.txt [ Cookie:Admin@apmebf.com/ ]
        C:\USERS\Admin\Cookies\Admin@microsoftwllivemkt.112.2o7[1].txt [ Cookie:Admin@microsoftwllivemkt.112.2o7.net/ ]
        C:\USERS\Admin\Cookies\PX2S7ECD.txt [ Cookie:Admin@ad.zanox.com/ ]
        C:\USERS\Admin\Cookies\9XLYRW2S.txt [ Cookie:Admin@advertising.com/ ]
        C:\USERS\Admin\Cookies\VCKS187C.txt [ Cookie:Admin@adfarm1.adition.com/ ]
        C:\USERS\Admin\Cookies\HKP5MMHC.txt [ Cookie:Admin@mediaplex.com/ ]
        C:\USERS\Admin\Cookies\NDHEAW6M.txt [ Cookie:Admin@serving-sys.com/ ]
        C:\USERS\Admin\Cookies\RHM4NK02.txt [ Cookie:Admin@doubleclick.net/ ]
        C:\USERS\Admin\Cookies\YS3K4I2H.txt [ Cookie:Admin@ad.yieldmanager.com/ ]
        C:\USERS\Admin\Cookies\X1IDFXYP.txt [ Cookie:Admin@ad2.adfarm1.adition.com/ ]
        C:\USERS\Admin\Cookies\4JASPWQ1.txt [ Cookie:Admin@de.at.atwola.com/ ]
        C:\USERS\Admin\Cookies\KUFQZGNL.txt [ Cookie:Admin@fastclick.net/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\APCMWSVE.txt [ Cookie:willi@mediaplex.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\GKD5SHZP.txt [ Cookie:willi@track.effiliation.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\2ZCIOEQC.txt [ Cookie:willi@specificclick.net/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\U62HP78Y.txt [ Cookie:willi@doubleclick.net/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\BOD8NON6.txt [ Cookie:willi@de.sitestat.com/pm/muenchen-de/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\H5XZRWMC.txt [ Cookie:willi@www.zanox-affiliate.de/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\SK0NRI14.txt [ Cookie:willi@track.effiliation.com/servlet/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\OQ3BNS34.txt [ Cookie:willi@ad.dyntracker.de/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\4DFC8I6P.txt [ Cookie:willi@mediatum.ub.tum.de/thumb2/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\AH275QGZ.txt [ Cookie:willi@im.banner.t-online.de/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\O29Q1GOF.txt [ Cookie:willi@xiti.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\BMW7BM1Y.txt [ Cookie:willi@server.adform.net/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\7QTTKYO4.txt [ Cookie:willi@zanox.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\CV64KZTF.txt [ Cookie:willi@adtech.de/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\VY377UCZ.txt [ Cookie:willi@2o7.net/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\QKU9WRQP.txt [ Cookie:willi@eas.apm.emediate.eu/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\NY2T9O17.txt [ Cookie:willi@adx.chip.de/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\FV62IS4C.txt [ Cookie:willi@dyntracker.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\I7LQ4O9P.txt [ Cookie:willi@mediatum.ub.tum.de/thumbs/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\DVU7682X.txt [ Cookie:willi@tradedoubler.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\OEICTTBN.txt [ Cookie:willi@yieldmanager.net/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\64XPQ35X.txt [ Cookie:willi@statse.webtrendslive.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\V0Q7F540.txt [ Cookie:willi@tracking.publicidees.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\VE91U92E.txt [ Cookie:willi@de.at.atwola.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\3JSNN56U.txt [ Cookie:willi@www.etracker.de/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\SZI9SMBW.txt [ Cookie:willi@ad1.adfarm1.adition.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\RER5UI33.txt [ Cookie:willi@eyewonder.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\PRD96Y65.txt [ Cookie:willi@mediatum.ub.tum.de/file/604993/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\BGW9D8V8.txt [ Cookie:willi@tacoda.at.atwola.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\BKZVPM8A.txt [ Cookie:willi@adform.net/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\74SPMFK7.txt [ Cookie:willi@mediatum.ub.tum.de/doc/601914/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\BWC16OCF.txt [ Cookie:willi@fastclick.net/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\JVYHADNA.txt [ Cookie:willi@atdmt.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\3Q45FJ2X.txt [ Cookie:willi@track.adform.net/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\WXPH362F.txt [ Cookie:willi@eas4.emediate.eu/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\VPAX2ILY.txt [ Cookie:willi@media6degrees.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\R682AS1U.txt [ Cookie:willi@tracking.quisma.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\NCGSQR3Y.txt [ Cookie:willi@advertising.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\QHKC0BBV.txt [ Cookie:willi@www.googleadservices.com/pagead/conversion/1000988709/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\FH1MKRKM.txt [ Cookie:willi@imrworldwide.com/cgi-bin ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\WWU67R5W.txt [ Cookie:willi@mediatum.ub.tum.de/js/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\2F0MP8VB.txt [ Cookie:willi@www.googleadservices.com/pagead/conversion/1059939543/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZC1O8XWA.txt [ Cookie:willi@mediatum.ub.tum.de/css/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZK12V81M.txt [ Cookie:willi@tribalfusion.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\7C4OAPXA.txt [ Cookie:willi@clickfuse.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\D3IK5UN7.txt [ Cookie:willi@at.atwola.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\9CBM4886.txt [ Cookie:willi@apmebf.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\W2CRBTB3.txt [ Cookie:willi@adviva.net/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\B1G5SJWM.txt [ Cookie:willi@adfarm1.adition.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\W1YISP4O.txt [ Cookie:willi@invitemedia.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\HPBFEXFA.txt [ Cookie:willi@ad3.adfarm1.adition.com/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\M5DDGUB3.txt [ Cookie:willi@traffictrack.de/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\M0ZC9RFL.txt [ Cookie:willi@de.sitestat.com/sueddeutsche/sueddeutsche/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\LATQ7I4Z.txt [ Cookie:willi@ad.adnet.de/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\QPRQ0J03.txt [ Cookie:willi@zanox-affiliate.de/ ]
        C:\USERS\WILLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\D7I8YJTC.txt [ Cookie:willi@mediatum.ub.tum.de/img/ ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Admin@ATDMT[1].TXT [ /ATDMT ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@2O7[1].TXT [ /2O7 ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AD.ZANOX[2].TXT [ /AD.ZANOX ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AD2.ADFARM1.ADITION[1].TXT [ /AD2.ADFARM1.ADITION ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ADSERVER[1].TXT [ /ADSERVER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ADVERTISING[2].TXT [ /ADVERTISING ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@APMEBF[1].TXT [ /APMEBF ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ATDMT[2].TXT [ /ATDMT ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@DE.AT.ATWOLA[1].TXT [ /DE.AT.ATWOLA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@INVITEMEDIA[2].TXT [ /INVITEMEDIA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@NEXTAG[1].TXT [ /NEXTAG ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@SERVING-SYS[1].TXT [ /SERVING-SYS ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@SMARTADSERVER[2].TXT [ /SMARTADSERVER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@TRAFFICTRACK[2].TXT [ /TRAFFICTRACK ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@UNITYMEDIA[2].TXT [ /UNITYMEDIA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@WEBMASTERPLAN[1].TXT [ /WEBMASTERPLAN ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@WWW.ETRACKER[2].TXT [ /WWW.ETRACKER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ZANOX-AFFILIATE[1].TXT [ /ZANOX-AFFILIATE ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-07-23 191717\BACKUP FILES 2011-08-02 081328\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ZANOX[1].TXT [ /ZANOX ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Admin@ATDMT[1].TXT [ /ATDMT ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@2O7[1].TXT [ /2O7 ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AD.ZANOX[1].TXT [ /AD.ZANOX ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AD2.ADFARM1.ADITION[2].TXT [ /AD2.ADFARM1.ADITION ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AD4.ADFARM1.ADITION[1].TXT [ /AD4.ADFARM1.ADITION ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ADSERVER[1].TXT [ /ADSERVER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ADVERTISING[1].TXT [ /ADVERTISING ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ANRTX.TACODA[1].TXT [ /ANRTX.TACODA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@APMEBF[1].TXT [ /APMEBF ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AR.ATWOLA[1].TXT [ /AR.ATWOLA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AT.ATWOLA[2].TXT [ /AT.ATWOLA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ATDMT[2].TXT [ /ATDMT ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ATWOLA[1].TXT [ /ATWOLA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@DE.AT.ATWOLA[1].TXT [ /DE.AT.ATWOLA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@EAS4.EMEDIATE[2].TXT [ /EAS4.EMEDIATE ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@INVITEMEDIA[2].TXT [ /INVITEMEDIA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@NEXTAG[1].TXT [ /NEXTAG ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@SERVING-SYS[1].TXT [ /SERVING-SYS ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@SMARTADSERVER[2].TXT [ /SMARTADSERVER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@TACODA.AT.ATWOLA[1].TXT [ /TACODA.AT.ATWOLA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@TRADEDOUBLER[2].TXT [ /TRADEDOUBLER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@TRAFFICTRACK[1].TXT [ /TRAFFICTRACK ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@UNITYMEDIA[2].TXT [ /UNITYMEDIA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@WEBMASTERPLAN[1].TXT [ /WEBMASTERPLAN ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@WW251.SMARTADSERVER[1].TXT [ /WW251.SMARTADSERVER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@WWW.ETRACKER[2].TXT [ /WWW.ETRACKER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ZANOX-AFFILIATE[1].TXT [ /ZANOX-AFFILIATE ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-07 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ZANOX[2].TXT [ /ZANOX ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-14 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Admin@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-14 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Admin@MICROSOFTWLLIVEMKT.112.2O7[1].TXT [ /MICROSOFTWLLIVEMKT.112.2O7 ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-14 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Admin@SERVING-SYS[1].TXT [ /SERVING-SYS ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-14 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-14 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ATDMT[2].TXT [ /ATDMT ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-14 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-14 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@SERVING-SYS[1].TXT [ /SERVING-SYS ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-14 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@TRAFFICTRACK[2].TXT [ /TRAFFICTRACK ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-08-07 190000\BACKUP FILES 2011-08-14 190000\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ZANOX[1].TXT [ /ZANOX ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Admin@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Admin@MICROSOFTWLLIVEMKT.112.2O7[1].TXT [ /MICROSOFTWLLIVEMKT.112.2O7 ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\Admin@SERVING-SYS[1].TXT [ /SERVING-SYS ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@2O7[1].TXT [ /2O7 ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ADSERVER[1].TXT [ /ADSERVER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ANRTX.TACODA[1].TXT [ /ANRTX.TACODA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@APMEBF[1].TXT [ /APMEBF ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AR.ATWOLA[1].TXT [ /AR.ATWOLA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AT.ATWOLA[2].TXT [ /AT.ATWOLA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@DE.AT.ATWOLA[1].TXT [ /DE.AT.ATWOLA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@INVITEMEDIA[2].TXT [ /INVITEMEDIA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@TACODA.AT.ATWOLA[1].TXT [ /TACODA.AT.ATWOLA ]
        ZIP ARCHIVE( D:\DESKTOP\BACKUP SET 2011-10-09 213738\BACKUP FILES 2011-10-09 213738\BACKUP FILES 1.ZIP )/C\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@WWW.ETRACKER[2].TXT [ /WWW.ETRACKER ]
        .advertising.com [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ J:\SICHERUNG\Benutzer1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RF5TDUH6.DEFAULT\COOKIES.SQLITE ]
        J:\SICHERUNG\Benutzer1\COOKIES\Benutzer1@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
        J:\SICHERUNG\Benutzer1\COOKIES\Benutzer1@WWW.ETRACKER[2].TXT [ /WWW.ETRACKER ]
        J:\SICHERUNG\Benutzer1\COOKIES\Benutzer1@WWW.ARDMEDIATHEK[2].TXT [ /WWW.ARDMEDIATHEK ]
        J:\SICHERUNG\Benutzer1\COOKIES\Benutzer1@ADVERTISING[1].TXT [ /ADVERTISING ]
        C:\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ANRTX.TACODA[1].TXT [ /ANRTX.TACODA ]
        C:\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@ADSERVER[1].TXT [ /ADSERVER ]
        C:\USERS\Admin\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\Admin@AT.ATWOLA[2].TXT [ /AT.ATWOLA ]
        adserv.quality-channel.de [ C:\USERS\WILLI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SAXWCNAV ]
        statse.webtrendslive.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\Benutzer1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7YNGUXU5.DEFAULT\COOKIES.SQLITE ]
Wenn die cookies keine schadware sind sollte mein Onkel damit leben können. Beim INternetexplorer muss ich ihm dann einfach einstellen, dass sich die cookies beim Beenden des IE mitlöschen.

Malewarebytes hat nichts gefunden::daumenhoc::dankeschoen:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.31.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: DESKTOP [Administrator]

Schutz: Deaktiviert

31.03.2012 15:58:38
mbam-log-2012-03-31 (15-58-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382145
Laufzeit: 23 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Vielen vielen Dank,
blök

cosinus 02.04.2012 10:44
Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

blök 16.04.2012 22:10
Hallo Arne,

dem System meines Onkels gehts ansonsten gut bis jetzt sind keine weiteren Probleme aufgetreten.

Vielen Dank nochmal,
Blök

cosinus 17.04.2012 11:40
Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.






Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:51 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131